(54) System and method for processing protected data

(57) A secure application module (SAM) receives a secure container in which content data encrypted with content key data, the encrypted content key data, and usage control policy (UCP) data designating a handling policy of the content data are stored, and determines at least one of the purchase mode and the usage mode of the content data based on the UCP data. The SAM serves as a slave for a host CPU, and is also provided with a common memory shared with the host CPU.

Description

[0001] The present invention relates to a data processing apparatus and system for performing processing for provided content data, and a data processing method for such an apparatus and a system.

[0002] A data providing system for distributing encrypted content data to data processing apparatuses of users who have made a predetermined contract and for enabling the data processing apparatuses to decode the content data and to read and record it is available. One type of such data providing systems is a conventional electronic music distribution (EMD) system for distributing music data.

[0003] Fig. 106 is a schematic diagram illustrating a conventional EMD system 700. In the EMD system 700, content providers 701a and 701b encrypt content data 704a, 704b, and 704c, and copyright information 705a, 705b, and 705c by using session key data obtained after performing mutual authentication, and then provide the encrypted data to a service provider 710 online or offline. The copyright information 705a, 705b, and 705c may include serial copy management system (SCMS) information, digital watermark information for embedding copyright information into the content data, and information for embedding copyright information into transmission protocols of the service provider 710.

[0004] The service provider 710 decodes the received content data 704a, 704b, and 704c, and the copyright information 705a, 705b, and 705c by the use of the session key data.

[0005] The service provider 710 then embeds the copyright information 705a, 705b, and 705c into the decoded content data 704a, 704b, and 704c which have been received online or offline so as to create content data 707a, 707b, and 707c. In this case, as part of the copyright information 704a, 704b, and 704c, the service provider 710 embeds the digital watermark information into the content data 704a, 704b, and 704c by changing predetermined frequency domains, and embeds the SCMS information into network protocols used for transmitting the content data 704a, 704b, and 704c to the user.

[0006] The service provider 710 also encrypts the content data 707a, 707b, and 707c by using content key data Kca, Kcb, and Kcc, respectively, read from a key database 706. Subsequently, the service provider 710 encrypts a secure container 722, which stores the encrypted content data 707a, 707b, and 707c, by using session key data obtained after performing mutual authentication, and sends the encrypted secure container 722 to a conditional access (CA) module 711 stored in a terminal device 709 of the user.

[0007] The CA module 711 decodes the secure container 722 by using the session key data. The CA module 711 also receives the content key data Kca, Kcb, and Kcc from the key database 706 of the service provider 710 by using an accounting function, such as an electronic settlement system or a CA, and decodes it by using the session key data. This enables the terminal device 709 to decode the content data 707a, 707b, and 707c by using the content key data Kca, Kcb, and Kcc, respectively.

[0008] The CA module 711 performs accounting processing for each content so as to generate accounting information 721, and encrypts it by using the session key data and sends it to a rights processing module 720 of the service provider 710.

[0009] In this case, the CA module 711 performs the processing on the items concerning the services provided by the service provider 710, in other words, the items to be managed by the service provider 710, such as user's contract (renewal) information, collection of, for example, a monthly basic fee incurred by using a network, accounting processing for each content, and ensuring the security of the physical layer of the network.

[0010] Upon receiving the accounting information 721 from the CA module 711, the service provider 710 distributes the profits between the service provider 710 and the content providers 701a, 701b, and 701c. In this case, the profits are distributed from the service provider 710 to the content providers 701a, 701b, and 701c via an intermediary, for example, the Japanese Society for Rights of Authors, Composers and Publishers (JASRAC). JASRAC also distributes the profits of the content providers 701a, 701b, and 701c to the copyright holder, the artist, the composer, the writer, and the production company of the content data, etc.

[0011] In recording the content data 707a, 707b, and 707c decoded with the content key data Kca, Kcb, and Kcc, respectively, on a recording medium 723, such as a random access memory (RAM), the terminal device 709 performs copy control by overwriting the SCMS bits of the copyright information 705a, 705b, and 705c. That is, the user performs copy control based on the SCMS bits embedded into the content data 707a, 707b, and 707c, thereby implementing copyright protection.

[0012] The SCMS prohibits the copying operation of the content data, for example, for two or more generations (copy free), but allows unlimited one-generation copying (copy once), and is thus insufficient for copyright protection.

[0013] In the above-described EMD system 700, it is necessary for the content provider 701 to monitor the action of the service provider 710, who is technically able to freely handle the unencrypted content data, and the profit of the content providers 701a, 701b, and 701c may be unfairly exploited.

[0014] Additionally, in the EMD system 700, it is difficult to restrict illegal actions of the user's terminal device 709, such as authoring the content data distributed from the service provider 710 and re-distributing it to another terminal device, thereby also unfairly exploiting the profits of the content providers 701a, 701b, and 701c.

[0015] Accordingly, in addressing the aforementioned problems inherent in the related art, it is an aim of at least an embodiment of the present invention to provide a data processing apparatus, a data processing system, and a data processing method therefor, for suitably protecting the profits of a content-rights holder, such as a content provider.

[0016] It is another aim to provide a data processing apparatus, a data processing system, and a data processing method therefor, for reducing a load for protecting the profits of a content-rights holder, such as a content provider.

[0017] According to one aspect of the present invention, there is provided a data processing apparatus for performing rights processing of content data encrypted with content key data based on usage control policy (UCP) data, and for decrypting the encrypted content key data. The data processing apparatus includes within a tamper-resistant circuit module: a first bus; an arithmetic processing circuit connected to the first bus, for performing the rights processing of the content data based on the UCP data; a storage circuit connected to the first bus; a second bus; a first interface circuit interposed between the first bus and the second bus; an encryption processing circuit connected to the second bus, for decrypting the content key data; and an external bus interface circuit connected to the second bus.

[0018] According to the aforementioned data processing apparatus, content data, corresponding content key data, and corresponding UCP data are distributed, and also, license key data for decrypting the content key data is distributed. The license key data is stored, for example, in the above-described storage circuit.

[0019] Then, in response to an instruction to perform rights processing from an external arithmetic processing apparatus via the external bus interface circuit, the rights processing of the content data based on the UCP data is executed in the aforementioned arithmetic processing circuit. Thereafter, the content key data is decrypted in the arithmetic processing circuit by using the license key data read from the storage circuit.

[0020] The aforementioned data processing apparatus performs mutual authentication with another decoding apparatus, and encrypts the decrypted content key data and content data by using the session key data obtained by mutual authentication, and sends them to the decoding apparatus.

[0021] The aforementioned data processing apparatus may further include a second interface circuit within the tamper-resistant circuit module. The first bus may include a third bus connected to the arithmetic processing circuit and the storage circuit, and a fourth bus connected to the first interface circuit, and the second interface circuit may be interposed between the third bus and the fourth bus.

[0022] The aforementioned data processing apparatus may further include within the tamper-resistant circuit module: a fifth bus; a third interface circuit connected to the fifth bus, for performing communication with a data processing circuit having an authentication function which is loaded on one of a recording medium and an integrated circuit card; and a fourth interface circuit interposed between the fourth bus and the fifth bus.

[0023] In the aforementioned data processing apparatus, the encryption processing circuit may include a public-key encryption circuit and a common-key encryption circuit.

[0024] In the aforementioned data processing apparatus, the storage circuit may store private key data of the data processing apparatus and public key data of a second data processing apparatus. The public-key encryption circuit may verify the integrity of signature data, which verifies the integrity of the content data, the content key data, and the UCP data, by using the corresponding public key data. When recording the content data, the content key data, and the UCP data on a recording medium or when sending them to the second data processing apparatus, the public-key encryption circuit may create signature data, which verifies the integrity of the content data, the content key data, and the UCP data, by using the private key data. The common-key encryption circuit may decrypt the content key data, and when sending the content data, the content key data, and the UCP data to the second data processing apparatus online, the common-key encryption circuit may encrypt and decrypt the content data, the content key data, and the UCP data by using session key data obtained by performing mutual authentication with the second data processing apparatus.

[0025] The aforementioned data processing apparatus may further include a hash-value generating circuit within the tamper-resistant circuit module, for generating hash values of the content data, the content key data and the UCP data. The public-key encryption circuit may verify the integrity of the signature data and may create the signature data by using the hash values.

[0026] The aforementioned data processing apparatus may further include a random-number generating circuit within the tamper-resistant circuit module. The random-number generating circuit may be connected to the second bus, for generating a random number for performing mutual authentication with the second data processing apparatus when sending the content data, the content key data, and the UCP data to the second data processing apparatus online.

[0027] In the aforementioned data processing apparatus, the external bus interface circuit may be connected to an external storage circuit for storing at least one of the content data, the content key data, and the UCP data.

[0028] The data processing apparatus may further include a storage-circuit control circuit for controlling access to the storage circuit and access to the external storage circuit via the external bus interface circuit in accordance with a command from the arithmetic processing circuit.

[0029] In the aforementioned data processing apparatus, the external bus interface circuit may be connected to a host arithmetic processing apparatus for centrally controlling a system on which the data processing apparatus is loaded.

[0030] The aforementioned data processing apparatus may further include a storage management circuit for managing an address space of the storage circuit and an address space of the external storage circuit.

[0031] In the aforementioned data processing apparatus, the arithmetic processing circuit may determine at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the UCP data, and may create log data indicating a result of the determined mode.

[0032] In the aforementioned data processing apparatus, after determining the purchase mode, the arithmetic processing circuit may create usage control status data in accordance with the determined purchase mode, and may control the use of the content data based on the usage control status data.

[0033] In the aforementioned data processing appa- 
ratus, in recording the content data, for which the pur- 
chase mode is determined, on a recording medium, the 
common-key encryption circuit may encrypt the content 
key data and the usage control status data by using me- 
dium key data corresponding to the recording medium. 
[0034] In the aforementioned data processing appa- 
ratus, the content key data may be encrypted with li- 
cense key data having an effective period. The storage 
circuit may store the license key data. The data process- 
ing apparatus may further include a real time clock for 
generating real time. The arithmetic processing circuit 
may read the effective license key data from the storage
circuit based on the real time indicated by the real time 
clock. The common-key encryption circuit may decrypt 
the content key data by using the read license key data. 
[0035] In the data processing apparatus, the storage 
circuit may write and erase data in units of blocks. The 
data processing apparatus may include within the 
tamper-resistant circuit module, a write-lock control cir- 
cuit for controlling the writing and erasing of the data 
into and from the storage circuit in units of blocks under 
the control of the arithmetic processing circuit. 
[0036] According to another aspect of the present invention,
there is provided a data processing apparatus
for performing rights processing of content data encrypt- 
ed with content key data based on UCP data, and for 
decrypting the encrypted content key data. The data 
processing apparatus includes within a tamper-resistant 
circuit module: a first bus; an arithmetic processing cir- 
cuit connected to the first bus, for performing the rights 
processing of the content data based on the UCP data; 
a storage circuit connected to the first bus; a second 
bus; an interface circuit interposed between the first bus 
and the second bus; an encryption processing circuit 
connected to the second bus, for decrypting the content 
key data; and an external bus interface circuit connected 
to the second bus. Upon receiving an interrupt from an
external circuit via the external bus interface circuit, the
arithmetic processing circuit becomes a slave for the
external circuit so as to perform processing designated by
the interrupt, and reports a result of the processing to
the external circuit.

[0037] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may report the 
result of the processing by outputting an interrupt to the 
external circuit. 

[0038] In the aforementioned data processing apparatus,
the external bus interface may include a common memory
for the arithmetic processing circuit and the external
circuit. The arithmetic processing circuit may write the
result of the processing into the common memory. The
external circuit may obtain the result of the processing
by polling.

[0039] In the aforementioned data processing apparatus,
the external bus interface may include: a first status
register indicating an execution status of the processing
requested from the external circuit in the arithmetic
processing circuit, and including a flag set by the
arithmetic processing circuit and read by the external
circuit; a second status register indicating whether the
external circuit has requested the arithmetic processing
circuit to perform processing, and including a flag set by
the external circuit and read by the arithmetic processing
circuit; and the common memory for storing a result of the
processing.
[0040] In the aforementioned data processing apparatus,
the storage circuit may store an interrupt program
describing the processing designated by the interrupt,
and the arithmetic processing circuit may perform the
processing by executing the interrupt program read from
the storage circuit.

[0041] In the data processing apparatus, the storage
circuit may store a plurality of the interrupt programs,
and a plurality of sub-routines to be read when executing
the interrupt program. The arithmetic processing circuit
may appropriately read and execute the sub-routines
from the storage circuit when executing the interrupt
program read from the storage circuit.
[0042] According to another aspect of the present
invention, there is provided a data processing system
including: an arithmetic processing apparatus, for
executing a predetermined program and for outputting an
interrupt according to a predetermined condition by
serving as a master; and a data processing apparatus, for
performing predetermined processing in response to
the interrupt from the arithmetic processing apparatus
by serving as a slave for the arithmetic processing
apparatus, and for reporting a result of the processing to
the arithmetic processing apparatus. The data processing
apparatus may include within a tamper-resistant circuit
module: a determining unit for determining at least
one of a purchase mode and a usage mode of content
data based on a handling policy indicated by the UCP
data; a log data generator for generating log data
indicating a result of the determined mode; and a decryption
unit for decrypting the content key data.
[0043] In the aforementioned data processing system,
upon receiving the interrupt indicating an interrupt
type, the arithmetic processing apparatus may output to 
the data processing apparatus an interrupt indicating an 
instruction to execute an interrupt routine corresponding 
to the interrupt type. The data processing apparatus 
may execute the interrupt routine corresponding to the 
interrupt type of the interrupt received from the arithme- 
tic processing apparatus. 

[0044] In the aforementioned data processing sys- 
tem, the data processing apparatus may report a result 
of the processing by outputting an interrupt to the arith- 
metic processing apparatus. 

[0045] In the aforementioned data processing system,
the data processing apparatus may include a common
memory which is accessible by the data processing
apparatus and the arithmetic processing apparatus. The 
arithmetic processing apparatus may obtain the result 
of the processing by accessing the common memory 
through polling. 

[0046] In the aforementioned data processing system,
the data processing apparatus may include a first
status register indicating an execution status of the
processing requested from the arithmetic processing
apparatus, and including a flag read by the arithmetic
processing apparatus; a second status register indicating
whether the arithmetic processing apparatus has requested
the data processing apparatus to perform
processing by the interrupt, and including a flag set by
the arithmetic processing apparatus; and the common
memory for storing a result of the processing.
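
The status-register and common-memory handshake described in [0038], [0039], [0045] and [0046], as an added C example that is not taken from the patent. The status values, message layout, interrupt numbering and the UCP bitmask are assumptions, and copying the request into SAM-private memory before validating it is an added hardening step.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: the text names two status registers and a common
 * memory but gives no sizes, flag values or message format. */
enum { CM_SIZE = 32, MAX_ARGS = CM_SIZE - 2 };
enum { ST_IDLE, ST_BUSY, ST_DONE, ST_REJECTED };    /* first status register */
enum { IRQ_PURCHASE_MODE = 1, IRQ_TYPE_COUNT = 4 }; /* hypothetical numbering */
enum { RES_OK = 0, RES_DENIED = 1 };

struct ext_bus_if {                    /* external bus interface of the SAM */
    volatile uint32_t status1;         /* written by SAM, read by host */
    volatile uint32_t status2;         /* written by host, read by SAM */
    volatile uint8_t  common[CM_SIZE]; /* [0] type or result, [1] length, [2..] args */
};

struct sam_state {                     /* private to the tamper-resistant module */
    uint8_t  ucp_allowed_modes;        /* assumed UCP encoding: bit n = mode n allowed */
    uint32_t log_count;                /* log records created so far */
};

typedef int (*irq_routine)(struct sam_state *s, const uint8_t *arg, uint8_t len);

/* Interrupt routine: determine the purchase mode against the UCP and log it. */
static int irq_purchase_mode(struct sam_state *s, const uint8_t *arg, uint8_t len)
{
    if (len != 1 || arg[0] >= 8) return -1;          /* malformed request */
    if (!(s->ucp_allowed_modes & (1u << arg[0]))) return RES_DENIED;
    s->log_count++;
    return RES_OK;
}

static const irq_routine routines[IRQ_TYPE_COUNT] = {
    [IRQ_PURCHASE_MODE] = irq_purchase_mode,
};

/* Host (master): write the request into common memory, then set the flag. */
int host_request(struct ext_bus_if *b, uint8_t type, const uint8_t *arg, uint8_t len)
{
    if (len > MAX_ARGS || b->status2 || b->status1 != ST_IDLE) return -1;
    b->common[0] = type;
    b->common[1] = len;
    for (uint8_t i = 0; i < len; i++) b->common[2 + i] = arg[i];
    b->status2 = 1;
    return 0;
}

/* SAM (slave): serve one pending request. Returns 1 if a request was handled. */
int sam_service(struct sam_state *s, struct ext_bus_if *b)
{
    uint8_t req[CM_SIZE];
    int res = -1;
    if (!b->status2) { b->status1 = ST_IDLE; return 0; } /* idle, or host acked */
    if (b->status1 != ST_IDLE) return 0;                 /* result not collected yet */
    b->status1 = ST_BUSY;
    /* Added hardening: copy the request into private memory before checking
     * it, because the host can rewrite common memory at any time. */
    for (int i = 0; i < CM_SIZE; i++) req[i] = b->common[i];
    if (req[0] < IRQ_TYPE_COUNT && routines[req[0]] && req[1] <= MAX_ARGS)
        res = routines[req[0]](s, req + 2, req[1]);
    if (res >= 0) b->common[0] = (uint8_t)res;
    b->status1 = res >= 0 ? ST_DONE : ST_REJECTED;
    return 1;
}

/* Host: poll status1. Returns the result code, -1 if not ready, -2 if rejected. */
int host_poll(struct ext_bus_if *b)
{
    uint32_t st = b->status1;
    if (!b->status2 || (st != ST_DONE && st != ST_REJECTED)) return -1;
    int res = (st == ST_DONE) ? b->common[0] : -2;
    b->status2 = 0;                                  /* acknowledge the result */
    return res;
}

/* One full cycle on a fresh interface; returns what the host observes. */
int demo_cycle(uint8_t ucp_mask, uint8_t type, uint8_t mode, uint32_t *log_count)
{
    struct ext_bus_if bus = {0};
    struct sam_state sam = { .ucp_allowed_modes = ucp_mask };
    if (host_request(&bus, type, &mode, 1) != 0) return -3;
    if (host_poll(&bus) != -1) return -4;            /* SAM has not run yet */
    sam_service(&sam, &bus);
    int res = host_poll(&bus);
    sam_service(&sam, &bus);                         /* flag dropped: back to idle */
    if (log_count) *log_count = sam.log_count;
    return bus.status1 == ST_IDLE ? res : -5;
}

int main(void)
{
    /* Constructed UCP mask 0x05 permits modes 0 and 2 only. */
    printf("mode 2: %d\n", demo_cycle(0x05, IRQ_PURCHASE_MODE, 2, NULL));
    printf("mode 1: %d\n", demo_cycle(0x05, IRQ_PURCHASE_MODE, 1, NULL));
    return 0;
}
```

Each register has a single writer here, so the host acknowledges a result by clearing its own request flag and the SAM returns to idle only after seeing that.
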
[0047] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus and the data processing appara- 
tus. 

[0048] In the aforementioned data processing sys- 
tem, the data processing apparatus may enter a low 
power state after completing the execution of one of an 
initial program and the interrupt routine. 
[0049] In the aforementioned data processing sys- 
tem, based on the interrupt received from the arithmetic 
processing apparatus, the data processing apparatus 
may execute the interrupt routine in accordance with at 
least one of processing for determining one of the pur- 
chase mode and the usage mode of the content data, 
processing for reproducing the content data, and 
processing for downloading the data from a certifying 
authority. 

[0050] In the aforementioned data processing sys- 
tem, the arithmetic processing apparatus may execute 
a predetermined user program. 

[0051] According to a further aspect of the present
invention, there is provided a data processing system in
which content data provided by a data providing
apparatus is received from a data distribution apparatus, and
is managed by a management apparatus. The data
processing system includes: a first processing module
for receiving from the data distribution apparatus a
module in which content data encrypted with content key
data, the encrypted content key data, UCP data indicating
a handling policy of the content data, and price data for
the content data determined by the data distribution
apparatus are stored, and for decrypting the received
module by using common key data, and for performing
accounting processing for a distribution service of the
module by the data distribution apparatus. An arithmetic
processing apparatus executes a predetermined
program and outputs an interrupt according to a
predetermined condition by serving as a master. A data
processing apparatus performs predetermined processing in
response to the interrupt from the arithmetic processing
apparatus by serving as a slave for the arithmetic
processing apparatus, and reports a result of the
processing to the arithmetic processing apparatus. The
data processing apparatus includes within a
tamper-resistant circuit module: a determining unit for determining
at least one of a purchase mode and a usage mode of
the content data based on the handling policy indicated
by the UCP data stored in the received module. A log
data generator generates log data indicating a result of
the determined mode. An output unit outputs the price
data and the log data to the management apparatus
when the purchase mode of the content data is
determined. A decryption unit decrypts the content key data.
[0052] According to a yet further aspect of the present 
invention, there is provided a data processing system 
including: an arithmetic processing apparatus for exe- 
cuting a predetermined program and for outputting an 
interrupt according to a predetermined condition by
serving as a master; a first tamper-resistant data 
processing apparatus for performing rights processing 
of content data encrypted with content key data in re- 
sponse to the interrupt from the arithmetic processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the
processing to the arithmetic processing apparatus. A 
second tamper-resistant data processing apparatus de- 
crypts the content data by using the content key data 
obtained by performing mutual authentication with the 
first tamper-resistant data processing apparatus and 
compresses or decompresses the content data in re- 
sponse to the interrupt from the arithmetic processing 
apparatus or the first tamper-resistant data processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus or the first tamper-resistant data 
processing apparatus. 

[0053] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus, the first tamper-resistant data
processing apparatus, and the second tamper-resistant 
data processing apparatus. 

[0054] According to a further aspect of the present
invention, there is provided a data processing system
including: an arithmetic processing apparatus for
executing a predetermined program and for outputting an
interrupt according to a predetermined condition by
serving as a master. A first tamper-resistant data processing
apparatus performs rights processing of content data
encrypted with content key data in response to the
interrupt from the arithmetic processing apparatus by
serving as a slave for the arithmetic processing
apparatus, and reports a result of the processing to the
arithmetic processing apparatus. A second tamper-resistant
data processing apparatus performs mutual authentica- 
tion with the arithmetic processing apparatus and reads 
and writes the content data from and into a recording 
medium in response to the interrupt output from the 
arithmetic processing apparatus. 

[0055] In the aforementioned data processing sys- 
tem, the second tamper-resistant processing apparatus 
may decrypt and encrypt the content data by using medium
key data corresponding to the recording medium.
[0056] In the aforementioned data processing sys- 
tem, when the recording medium is provided with a 
processing circuit having a mutual authentication func- 
tion, the second tamper-resistant processing apparatus 
may perform mutual authentication with the processing
circuit. 

[0057] According to a further aspect of the present
invention, there is provided a data processing system
including: an arithmetic processing apparatus for
executing a predetermined program and for outputting an
interrupt according to a predetermined condition by
serving as a master. A first tamper-resistant data processing
apparatus performs mutual authentication with the
arithmetic processing apparatus and reads and writes
content data from and into a recording medium in response
to the interrupt from the arithmetic processing
apparatus. A second tamper-resistant data processing
apparatus decrypts the content data by using content key
data and compresses or decompresses the content data
in response to the interrupt from the arithmetic
processing apparatus by serving as a slave for the arithmetic
processing apparatus.

[0058] The aforementioned data processing system 
may further include a storage circuit for temporarily stor- 
ing the content data read from the recording medium by 
the first tamper-resistant data processing apparatus, 
and for outputting the stored content data to the second
tamper-resistant data processing apparatus. 
[0059] In the aforementioned data processing sys- 
tem, the storage circuit may utilize part of a storage area 
of an anti-vibration storage circuit. 
[0060] The aforementioned data processing system 
may further include a third tamper-resistant data 
processing apparatus for performing rights processing 
of the content data encrypted with the content key data
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. 
[0061] According to a further aspect of the present
invention, there is provided a data processing method
using an arithmetic processing apparatus and a data
processing apparatus. The data processing method
includes the steps of: executing, in the arithmetic
processing apparatus, a predetermined program and outputting
an interrupt according to a predetermined condition by
serving as a master; and determining, in the data
processing apparatus, at least one of a purchase mode
and a usage mode of content data based on a handling
policy of UCP data, creating log data indicating a result
of the determined mode, and decrypting content key
data, within a tamper-resistant circuit module in response
to the interrupt from the arithmetic processing apparatus
by serving as a slave for the arithmetic processing
apparatus.

[0062] According to another aspect of the present
invention, there is provided a data processing method
using an arithmetic processing apparatus, a first data
processing apparatus, and a second data processing
apparatus. The data processing method includes the
steps of: executing, in the arithmetic processing
apparatus, a predetermined program and outputting an
interrupt according to a predetermined condition by serving
as a master; performing, in the first data processing
apparatus, rights processing of content data encrypted
with content key data within a tamper-resistant module
in response to the interrupt from the arithmetic
processing apparatus by serving as a slave for the arithmetic
processing apparatus, and reporting a result of the
processing to the arithmetic processing apparatus; and
decrypting, in the second data processing apparatus,
the content data by using the content key data obtained
by performing mutual authentication with the first data
processing apparatus and compressing or decompressing
the content data within a tamper-resistant module in
response to the interrupt from the arithmetic processing
apparatus or the first data processing apparatus by
serving as a slave for the arithmetic processing
apparatus or the first data processing apparatus.
[0063] According to still another aspect of the present
invention, there is provided a data processing method
using an arithmetic processing apparatus, a first data
processing apparatus, and a second data processing
apparatus. The data processing method includes the
steps of: executing, in the arithmetic processing
apparatus, a predetermined program and outputting an
interrupt according to a predetermined condition by serving
as a master; performing, in the first data processing
apparatus, rights processing of content data encrypted
with content key data within a tamper-resistant module
in response to the interrupt from the arithmetic
processing apparatus by serving as a slave for the arithmetic
processing apparatus, and reporting a result of the
processing to the arithmetic processing apparatus; and
performing, in the second data processing apparatus,
mutual authentication with the arithmetic processing
apparatus, and reading and writing the content data from
and into a recording medium within a tamper-resistant
module in response to the interrupt from the arithmetic
processing apparatus.
[0064] According to a further aspect of the present
invention, there is provided a data processing method
using an arithmetic processing apparatus, a first data
processing apparatus, and a second data processing
apparatus. The data processing method includes the
steps of: executing, in the arithmetic processing
apparatus, a predetermined program and outputting an
interrupt according to a predetermined condition by serving
as a master; performing, in the first data processing
apparatus, mutual authentication with the arithmetic
processing apparatus, and reading and writing content
data from and into a recording medium within a
tamper-resistant module in response to the interrupt from the
arithmetic processing apparatus; and decrypting, in the
second data processing apparatus, the content data by
using content key data and compressing or
decompressing the content data within a tamper-resistant
module in response to the interrupt from the arithmetic
processing apparatus by serving as a slave for the
arithmetic processing apparatus.

[0065] The invention will now be described by way of
example with reference to the accompanying drawings,
throughout which like parts are referred to by like
references, and in which:

Fig. 1 is a block diagram illustrating the overall
configuration of an EMD system according to a first
embodiment of the present invention;
Fig. 2 illustrates the concept of a secure container
used in the present invention;
Figs. 3A, 3B, and 3C illustrate the format of the
secure container sent from a content provider to a
secure application module (SAM) shown in Fig. 1;
Fig. 4 illustrates details of data contained in a
content file shown in Fig. 3A;
Fig. 5 illustrates details of data contained in a key
file shown in Fig. 3B;
Fig. 6 illustrates the registration and the transfer of
the key file between the content provider and an
electronic music distribution (EMD) center shown in
Fig. 1;
Fig. 7 illustrates header data contained in the
content file;
Fig. 8 illustrates a content ID;
Fig. 9 illustrates the directory structure of the secure
container;
Fig. 10 illustrates the hyperlink structure of the
secure container;
Fig. 11 illustrates one example of a recording
medium (ROM) used in the first embodiment;
Fig. 12 illustrates another example of a recording
medium (ROM) used in the first embodiment;
Fig. 13 illustrates still another example of a
recording medium (ROM) used in the first embodiment;
Fig. 14 illustrates an example of a recording
medium (RAM) used in the first embodiment;
Fig. 15 illustrates another example of a recording
medium (RAM) used in the first embodiment;
Fig. 16 illustrates still another example of a
recording medium (RAM) used in the first embodiment;
Figs. 17, 18, and 19 are a flow chart illustrating
processing for creating the secure container by the
content provider;
Fig. 20 illustrates the functions of the EMD service
center shown in Fig. 1;
Fig. 21 illustrates usage log data shown in Fig. 1;
Fig. 22 is a block diagram illustrating an example of
the configuration of a network device within a user
home network shown in Fig. 1;
Fig. 23 illustrates the relationship between a host
CPU and a SAM shown in Fig. 22;
Fig. 24 illustrates the software configuration
implementing a SAM;
Fig. 25 illustrates an external interrupt to be output
to the host CPU;
Fig. 26 illustrates an internal interrupt to be output
from the host CPU;
Fig. 27 illustrates function calls output from the host
CPU;
Fig. 28 illustrates the processing status of a CPU of
the SAM;
Fig. 29 illustrates memory spaces of the host CPU
and the SAM;
Fig. 30 is a functional block of a SAM within the user
home network shown in Fig. 1, and also illustrates
the data flow when the secure container received
from the content provider is decoded;
Fig. 31 illustrates data to be stored in an external
memory shown in Fig. 22;
Fig. 32 illustrates data to be stored in a work
memory;
Fig. 33 is a block diagram illustrating another
example of the configuration of the network device within
the user home network shown in Fig. 1;
Fig. 34 illustrates data to be stored in a storage unit
shown in Fig. 30;
Fig. 35 is a flow chart illustrating the processing
performed by the SAM for receiving the license key
data from the EMD service center;
Fig. 36 is a flow chart illustrating the processing
performed by the SAM for receiving the secure
container;
Fig. 37 is a functional block diagram of a SAM within
the user home network shown in Fig. 1, and also
illustrates the data flow when the content data is
utilized and purchased;
Fig. 38 is a flow chart illustrating the processing by
the SAM for determining the purchase mode of the
content data;
Figs. 39A through 39D illustrate the secure
container for which the purchase mode is determined;
Fig. 40 is a flow chart illustrating the processing
performed by the SAM for playing back the content
data;
Fig. 41 is a block diagram illustrating the operation
of transferring the content file, for which the
purchase mode is determined, downloaded into a
download memory of the network device shown in
Fig. 22 to a SAM of an audio-visual (A/V) machine,
and re-purchasing the content file in the A/V
machine;
Fig. 42 illustrates the data flow within the receiver
SAM shown in Fig. 41;
Fig. 43 is a flow chart illustrating the processing
shown in Fig. 42;
Figs. 44A through 44D illustrate the format of the
secure container to be transferred in Fig. 41;
Fig. 45 illustrates the data flow when the received
content file in the receiver SAM shown in Fig. 41 is
written into a recording medium (ROM or RAM);
Figs. 46 and 47 are a flow chart illustrating the
processing by the receiver SAM shown in Fig. 41;
Fig. 48 illustrates various purchase modes in the
SAMs within the user home network shown in Fig. 1;
Fig. 49 illustrates the data flow within an A/V
machine when the recording medium (ROM) shown in
Fig. 11, for which the purchase mode is not
determined, is distributed offline to the user home
network, and the purchase mode of the content file is
determined by the A/V machine;
Fig. 50 illustrates the data flow within the SAM of
the A/V machine shown in Fig. 49;
Fig. 51 is a flow chart illustrating the processing
performed by the SAM of the A/V machine shown in
Fig. 49;
Fig. 52 illustrates the processing for reading the
secure container, for which the purchase mode is not
determined, from a recording medium (ROM) of an
A/V machine within the user home network, and for
transferring the secure container to another A/V
machine and writing it into a recording medium
(RAM);
Fig. 53 illustrates the data flow within the receiver
SAM shown in Fig. 52;
Figs. 54A through 54D illustrate the format of the
secure container transferred from the sender SAM
to the receiver SAM shown in Fig. 52;
Figs. 55 and 56 are a flow chart illustrating the
processing performed by the sender SAM and the
receiver SAM shown in Fig. 52;
Fig. 57 illustrates the data flow within the receiver
SAM shown in Fig. 52;
Fig. 58 illustrates an example of connection models
of the devices via a bus within the user home
network;
Fig. 59 illustrates the data format of a SAM
registration list created by the SAM;
Fig. 60 illustrates the format of a public-key
certificate revocation list created by the EMD service
center;
Fig. 61 illustrates the data format of the SAM
registration list created by the EMD service center;
Fig. 62 illustrates a security function of the SAM;
Fig. 63 illustrates an example of loading models of
various SAMs in the network device of the user
home network shown in Fig. 1;
Fig. 64 illustrates the detailed circuit configuration
of a download memory and peripheral circuits
shown in Fig. 63;
Fig. 65 illustrates the relationship between the host
CPU and the SAM shown in Fig. 63;
Fig. 66 illustrates the relationship among the host
CPU, the SAM, the A/V compression/decompression
SAM, and the recording medium shown in Fig. 63;
Fig. 67 illustrates the relationship among the host
CPU, the medium drive SAM, and the A/V
compression/decompression SAM shown in Fig. 63;
Fig. 68 illustrates one example of the circuit module
of a rights processing SAM;
Fig. 69 illustrates one example of hardware
configuration within the SAM configured as the circuit
module shown in Fig. 68;
Fig. 70 illustrates an address space of the rights
processing SAM;
Fig. 71 illustrates an address space of the host
CPU;
Fig. 72 illustrates another example of the circuit
module of the rights processing SAM;
Fig. 73 illustrates a circuit module of the medium
SAM;
Fig. 74 illustrates storage data in the medium SAM
of a recording medium (ROM) when the ROM is
shipped;
Fig. 75 illustrates storage data in the medium SAM
of the recording medium (ROM) after registration is
conducted;
Fig. 76 illustrates storage data in the medium SAM
of a recording medium (RAM) when the RAM is
shipped;
Fig. 77 illustrates storage data in the medium SAM
of the recording medium (RAM) when registration
is conducted;
Fig. 78 illustrates an example of a circuit module of
the A/V compression/decompression SAM;
Fig. 79 illustrates an example of a circuit module of
the medium drive SAM;
Fig. 80 is a flow chart illustrating the overall
operation of the EMD system shown in Fig. 1;
Fig. 81 illustrates examples of distribution protocols
for the secure container used in the EMD system of
the first embodiment;
Fig. 82 is a block diagram illustrating the overall
configuration of an EMD system according to a
second embodiment of the present invention;
Fig. 83 is a flow chart illustrating the processing for
creating a secure container in a service provider;
Figs. 84A through 84D illustrate the format of the
secure container sent from the service provider to
the user home network shown in Fig. 82;

EP 1 130 492 A2

Fig. 85 illustrates the sending format of a content
file stored in the secure container shown in Figs.
84A through 84D;
Fig. 86 illustrates the sending format of a key file
stored in the secure container shown in Figs. 84A
through 84D;
Fig. 87 illustrates the functions of the EMD service
center shown in Fig. 82;
Fig. 88 is a block diagram illustrating a network
device shown in Fig. 82;
Fig. 89 is a functional block diagram illustrating a
CA module shown in Fig. 88;
Fig. 90 is a functional block diagram illustrating a
SAM shown in Fig. 82, and also illustrates the data
flow when the secure container is received and
decoded;
Fig. 91 illustrates data to be stored in a work
memory shown in Fig. 90;
Fig. 92 is a functional block diagram illustrating the
SAM shown in Fig. 82, and also illustrates the data
flow when the purchase and usage modes of the
content are determined;
Fig. 93 is a flow chart illustrating the processing for
receiving the secure container by the SAM shown
in Fig. 82;
Fig. 94 is a block diagram illustrating the operation
of transferring the content file, for which the
purchase mode is determined, downloaded into a
download memory of the network device shown in
Fig. 82 to a SAM of an A/V machine;
Fig. 95 illustrates the data flow within the receiver
SAM shown in Fig. 94;
Fig. 96 is a flow chart illustrating the processing
performed by the sender SAM shown in Fig. 95;
Figs. 97A through 97E illustrate the format of the
secure container transferred from the sender SAM
to the receiver SAM shown in Fig. 94;
Fig. 98 illustrates the data flow within the receiver
SAM shown in Fig. 94;
Figs. 99 and 100 are a flow chart illustrating the
processing performed by the receiver SAM shown
in Fig. 94;
Fig. 101 illustrates an example of connection
models of the SAMs within the user home network
shown in Fig. 82;
Figs. 102 and 103 are a flow chart illustrating the
overall operation of the EMD system shown in Fig.
82;
Fig. 104 illustrates an example of service models of
the EMD system shown in Fig. 82;
Fig. 105 illustrates distribution protocols for the
secure container employed in the EMD system shown
in Fig. 82; and
Fig. 106 is a block diagram illustrating a
conventional EMD system.

[0066] An electronic music distribution (EMD) system 
according to an embodiment of the present invention is 
first described below. 



First Embodiment 

[0067] Fig. 1 is a block diagram illustrating an EMD
system 100 constructed in accordance with an
embodiment of the present invention.

[0068] In this embodiment, the "content data" to be
distributed to users is digital data having meaningful
information, which is described below by taking music
data as an example.

[0069] The EMD system 100 includes, as shown in
Fig. 1, a content provider 101, an EMD service center
(clearing house, may be hereinafter simply referred to
as the "ESC") 102, and a user home network 103.
[0070] The content provider 101, the EMD service
center 102, and secure application modules (SAMs)
105₁ through 105₄ respectively correspond to a data
providing apparatus, a data management apparatus,
and a data processing apparatus of the present
invention.

[0071] An overview of the EMD system 100 is first
discussed. The EMD system 100 sends to the EMD service
center 102, which is a highly reliable authorizing
organization, content key data Kc used for encrypting content
data C to be provided, usage control policy (UCP) data
106 indicating, for example, the license agreement
conditions of the content data C, and digital-watermark
information control data indicating the content of digital
watermark information and the position in which digital
watermark information is embedded.

[0072] The EMD service center 102 registers
(authenticates or authorizes) the content key data Kc, the UCP
data 106, and the digital-watermark information control
data received from the content provider 101.
[0073] The EMD service center 102 also creates a key
file KF, which stores the content key data Kc encrypted
with license key data KD₁ through KDg of corresponding
periods, the UCP data 106, and signature data of the
EMD service center 102, and sends the key file KF to
the content provider 101.

[0074] The signature data is used for verifying the
integrity of the key file KF and the identity of the creator
of the key file KF, and the official registration of the key
file KF in the EMD service center 102.
[0075] The content provider 101 creates a content file CF by encrypting the content data C with the use of the content key data Kc, and distributes a secure container 104 (corresponding to a module of the present invention), which stores the content file CF, the key file KF received from the EMD service center 102, and the signature data of the content provider 101, to the user home network 103 via a network, such as the Internet, or a digital broadcast, or package media, such as a recording medium.

[0076] The signature data stored in the secure container 104 is used for verifying the integrity of the corresponding data and the identity of the creator and the sender of the data.

[0077] The user home network 103 includes, for example, a network device 160_1, and audio-visual (A/V) machines 160_2 through 160_4. The network device 160_1 has a built-in SAM 105_1. The A/V machines 160_2 through 160_4 have built-in SAMs 105_2 through 105_4, respectively. The SAMs 105_1 through 105_4 are interconnected with each other via a bus 191, such as an IEEE-1394 serial interface bus.

[0078] The SAMs 105_1 through 105_4 decode the secure container 104 received from the content provider 101 online via, for example, a network, and/or the secure container 104 supplied from the content provider 101 to the A/V machines 160_2 through 160_4 offline via a recording medium, by using the license key data KD_1 through KD_3 of corresponding periods, and then verify the signature data.

[0079] The secure container 104 supplied to the SAMs 105_1 through 105_4 is then ready to be played back or recorded on a recording medium in the network device 160_1 and the A/V machines 160_2 through 160_4 after the purchase/usage mode of the secure container 104 has been determined by a user's operation.

[0080] The SAMs 105_1 through 105_4 record the purchase/usage history of the secure container 104 as usage log data 108, and also create usage control status (UCS) data 166 indicating the purchase mode.

[0081] The usage log data 108 is sent from the user home network 103 to the EMD service center 102, for example, in response to a request from the EMD service center 102. The UCS data 166 is sent from the user home network 103 to the EMD service center 102, for example, every time the purchase mode is determined.
[0082] The EMD service center 102 determines (calculates) the accounting content based on the usage log data 108, and settles the account, based on the calculated accounting content, by using a settlement organization 91, such as a bank, via a payment gateway 90. According to this settlement, the payment made by the user of the user home network 103 to the settlement organization 91 is given to the content provider 101 by the settlement processing performed by the EMD service center 102. The EMD service center 102 regularly sends settlement report data 107 to the content provider 101.

[0083] In this embodiment, the EMD service center 102 has an authentication function, a key-data management function, and a rights processing (profit distribution) function.

[0084] More specifically, the EMD service center 102 serves as a second certifying authority located at a layer lower than a root certifying authority 92, which is the neutral supreme authority, and authenticates public key data by attaching a signature to the public-key certificate data of the public key data by using private key data of the EMD service center 102. The public key data is used for verifying the integrity of the signature data in the content provider 101 and the SAMs 105_1 through 105_4. As stated above, the EMD service center 102 registers and authorizes the UCP data 106 of the content provider 101, which is also part of the authentication function of the EMD service center 102.

[0085] The EMD service center 102 also has the key-data management function of managing key data, such as license key data KD_1 through KD_6.

[0086] The EMD service center 102 also has the following rights processing (profit distribution) function. The EMD service center 102 settles the account for the purchase and usage of the content made by the user based on the suggested retailer's price (SRP) stated in the authorized UCP data 106 and the usage log data 108 input from the SAMs 105_1 through 105_4, and distributes the payment made by the user to the content provider 101.

[0087] Fig. 2 schematically illustrates the concept of the secure container 104.

[0088] The secure container 104 stores, as shown in Fig. 2, the content file CF created by the content provider 101 and the key file KF created by the EMD service center 102.

[0089] In the content file CF, header data containing a header and a content ID, the content data C encrypted with the content key data Kc, and the signature data encrypted with private key data K_CP,S of the content provider 101 are stored.

[0090] In the key file KF, header data containing a header and a content ID, the content key data Kc and the UCP data 106 encrypted with the license key data KD_1 through KD_6, and the signature data encrypted with the private key data K_ESC,S of the EMD service center 102 are stored.

[0091] In Fig. 2, the UCP data 106 may not be encrypted with the license key data KD_1 through KD_6, in which case, the signature data encrypted with the private key data K_CP,S of the content provider 101 is added to the UCP data 106.

[0092] Details of the individual elements of the EMD system 100 are discussed below.

[Content provider 101] 

[0093] Before starting to communicate with the EMD service center 102, the content provider 101 offline registers the public key data K_CP,P created by the content provider 101, the ID certificate, and the bank account number (for settling the account) of the content provider 101 in the EMD service center 102, and obtains a unique identifier (ID number) CP_ID. The content provider 101 also receives from the EMD service center 102 the public key data K_ESC,P of the EMD service center 102 and the public key data K_R-CA,P of the root certifying authority 92.

[0094] The content provider 101 creates the secure container 104 which stores the content file CF and signature data SIG_6,CP of the content file CF shown in Fig. 3A, the key file KF corresponding to the content file CF read from a key file database 118b and signature data SIG_7,CP of the key file KF shown in Fig. 3B, public-key certificate data CER_CP of the content provider 101 read from a storage unit 119 and signature data SIG_1,ESC of the public-key certificate data CER_CP shown in Fig. 3C.

[0095] The content provider 101 supplies online or offline the secure container 104 to the network device 160_1 of the user home network 103 shown in Fig. 1.
[0096] In this manner, according to this embodiment, an in-band system is employed in which the public key certificate CER_CP of the public key data K_CP,P of the content provider 101, which is stored in the secure container 104, is directly sent to the user home network 103. This eliminates the need for the user home network 103 to communicate with the EMD service center 102 in order to acquire the public key certificate CER_CP.

[0097] Alternatively, in the present invention, an out-of-band system may be employed in which the user home network 103 may acquire the public key certificate CER_CP from the EMD service center 102 instead of storing it in the secure container 104.

[0098] In this embodiment, the signature data is generated by hashing the data used for the signature in the content provider 101, the EMD service center 102, and the SAMs 105_1 through 105_4 by using the private keys K_CP,S, K_ESC,S, and K_SAM1 through K_SAM4, respectively. The hash values are generated by using hash functions. According to the hash functions, the data used for signatures is input and is compressed into data having a predetermined bit length, which is then output as the hash values. It is difficult to predict the input value from the hash values (output values), and when one bit of the input data changes, many bits of the hash values change. It is also difficult to search for the input data having the same hash value.

[0099] Details of the individual data in the secure con- 
tainer 104 are as follows. 

Signature data SIG_6,CP

[0100] The signature data SIG_6,CP is used at the destination of the secure container 104 for verifying the integrity of the creator and the sender of the content file CF.

Signature data SIG_7,CP

[0101] The signature data SIG_7,CP is used at the destination of the secure container 104 for verifying the integrity of the sender of the key file KF. The integrity of the creator of the key file KF is verified at the destination of the secure container 104 based on the signature data SIG_K1,ESC within the key file KF. The signature data SIG_K1,ESC is used for verifying the registration of the key file KF in the EMD service center 102.
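The destination-side checks described in [0094] through [0101], as an added example that is not code from the patent: the SAM first checks CER_CP against the ESC public key, then SIG_6,CP and SIG_7,CP against the key taken from that certificate, then SIG_K1,ESC inside the key file. Unpadded textbook RSA over fixed Mersenne primes stands in for the signature algorithm, which the text leaves open; the function names, byte layouts and sample data are assumptions.

```python
import hashlib

E = 65537  # public exponent used by both constructed key pairs


def make_key(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, priv):
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


# Constructed keys (Mersenne primes keep the example offline; never use such keys).
K_ESC_P, K_ESC_S = make_key(2**521 - 1, 2**607 - 1)    # EMD service center
K_CP_P, K_CP_S = make_key(2**127 - 1, 2**1279 - 1)     # content provider


def sig_len(pub):
    return (pub[0].bit_length() + 7) // 8


def make_cert(cp_id, pub):
    """Assumed certificate layout: CP_ID and public key as text fields."""
    return f"{cp_id};{pub[0]:x};{pub[1]:x}".encode()


def parse_cert(cert):
    cp_id, n_hex, e_hex = cert.decode().split(";")
    return cp_id, (int(n_hex, 16), int(e_hex, 16))


def esc_issue_key_file(body):
    """ESC side: key file = body followed by SIG_K1,ESC (proof of registration)."""
    return body + sign(body, K_ESC_S).to_bytes(sig_len(K_ESC_P), "big")


def cp_make_container(cf, kf, cert, sig_1_esc):
    """Content provider side: sign CF and KF as sender, ship the certificate in-band."""
    return {"CF": cf, "SIG_6_CP": sign(cf, K_CP_S),
            "KF": kf, "SIG_7_CP": sign(kf, K_CP_S),
            "CER_CP": cert, "SIG_1_ESC": sig_1_esc}


def sam_verify(container, esc_pub):
    """SAM side: return the names of failed checks (empty list means accept)."""
    # The certificate comes first: a CP key is trusted only once the ESC vouches for it.
    if not verify(container["CER_CP"], container["SIG_1_ESC"], esc_pub):
        return ["CER_CP"]
    _, cp_pub = parse_cert(container["CER_CP"])
    failed = []
    if not verify(container["CF"], container["SIG_6_CP"], cp_pub):
        failed.append("SIG_6_CP")       # content file not from this provider
    if not verify(container["KF"], container["SIG_7_CP"], cp_pub):
        failed.append("SIG_7_CP")       # key file not sent by this provider
    n = sig_len(esc_pub)
    body, sig = container["KF"][:-n], int.from_bytes(container["KF"][-n:], "big")
    if not verify(body, sig, esc_pub):
        failed.append("SIG_K1_ESC")     # key file not registered at the ESC
    return failed


def build_sample():
    """Constructed sample container with placeholder payloads."""
    cert = make_cert("CP-0001", K_CP_P)
    kf = esc_issue_key_file(b"KF|content-id=0001|<Kc and UCP under KD>")
    cf = b"CF|content-id=0001|<content encrypted under Kc>"
    return cp_make_container(cf, kf, cert, sign(cert, K_ESC_S))
```

A key file whose body was changed after registration still passes SIG_7,CP if the provider re-signs it, and is rejected only by SIG_K1,ESC, which is the sender/creator split [0101] draws.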

Content file CF

[0102] Fig. 4 illustrates details of the content file CF shown in Fig. 3A.

[0103] The content file CF stores, as shown in Figs. 3A and 4, header data, meta data Meta encrypted with the content key data Kc input from an encryption unit 114, content data C, A/V decompression software Soft, and a digital watermark information module (Watermark Module) WM.

[0104] Fig. 3A illustrates the configuration of the content file CF when a digital signal processor (DSP) is used as an A/V compression/decompression device for decompressing the content data C. The DSP decompresses the content data C within the secure container 104 and embeds and detects digital watermark information by using the A/V decompression software and the digital watermark information module within the secure container 104. This enables the content provider 101 to employ a desired compression method and an embedding method for digital watermark information.

[0105] If hardware or prestored software is used as an A/V compression/decompression device for decompressing the content data C and for embedding and detecting digital watermark information, the A/V decompression software and the digital watermark information module may not be stored within the content file CF.
[0106] The header data contains, as shown in Fig. 4, a synchronization signal, a content ID, signature data obtained by the private key data K_CP,S of the content provider 101 for verifying the content ID, directory information, hyperlink information, information concerning the serial number, the effective period and the creator of the content file CF, the file size, the encryption flag, the encryption algorithm, and the signature algorithm, and signature data obtained by the private key data K_CP,S of the content provider 101 for verifying the directory information.

[0107] The meta data Meta includes, as shown in Fig. 4, the description of a product (i.e., content data C), advertisement information for product demonstration, product-related information, and signature data of the content provider 101 for verifying the above information.

[0108] In the present invention, the meta data Meta is sent while being stored in the content file CF, as shown in Figs. 3A and 4. Alternatively, instead of storing the meta data Meta in the content file CF, the meta data Meta may be transmitted from the content provider 101 to, for example, the SAM 105_1 via a path different from the path for sending the content file CF.

[0109] The content data C is obtained in the following manner. Source digital watermark information (Source Watermark) W_S, copy control digital watermark information (Copy Control Watermark) W_C, user digital watermark information (User Watermark) W_U, and link digital watermark information (Link Watermark) W_L, etc., are embedded into content data read from, for example, a content master source database. Then, the content data is compressed according to a voice compression method, such as adaptive transform acoustic coding 3 (ATRAC3) (brand name), and is encrypted according to a common key cryptosystem, such as the data encryption standard (DES) or Triple DES, by using a content key Kc as the common key.

[0110] The content key data Kc is obtained by, for example, generating a random number having a predetermined number of bits by using a random number generator. The content key data Kc may be generated from information concerning a music piece provided by the content data. The content key data Kc is regularly updated.

[0111] In the presence of a plurality of content providers 101, the content key data Kc unique to each content provider 101 may be used, or the common content key data Kc may be used for all the content providers 101.
[0112] Source digital watermark information W_S indicates information concerning the copyright, such as the name of the copyright holder of the content data, the International Standard Recording Code (ISRC), the authoring date, the authoring machine identification data (ID), and the distribution destination of the content.

[0113] The copy control digital watermark information W_C indicates information including a copy prohibit bit for preventing a copying operation via an analog interface.

[0114] The user digital watermark information contains, for example, the identifier CP_ID of the content provider 101 for specifying the distribution source and the distribution destination of the secure container 104, and the identifiers SAM_ID_1 through SAM_ID_4 of the SAMs 105_1 through 105_4, respectively, of the user home network 103.

[0115] The link digital watermark information W_L includes, for example, the content ID of the content data C. By embedding the link digital watermark information W_L into the content data C, even for the content data C distributed via an analog broadcast, such as a television broadcast or an amplitude modulation (AM)/frequency modulation (FM) radio broadcast, in response to a request from the user, the EMD service center 102 is able to introduce the content provider 101, which handles the content data C, to the user. That is, the receiving side of the content data C detects the link digital watermark information W_L embedded into the content data C by using a digital watermark information decoder, and sends the detected content ID to the EMD service center 102. This enables the EMD service center 102 to introduce the content provider 101, which handles the content data C, to the user.

[0116] More specifically, it is now assumed that the user listens to a piece of music on air in an automobile and finds it interesting, and presses a predetermined button. Then, a digital watermark information decoder integrated in the radio detects the content ID contained in the link digital watermark information W_L embedded into the content data C and the communication address of the EMD service center 102 which registers the content data C. The digital watermark information decoder then records the detected data on a medium SAM loaded in a portable medium, for example, a semiconductor memory, such as a Memory Stick (brand name), or an optical disc, such as a mini disc (MD) (brand name). The portable medium is then set in a network device loaded with a SAM connected to a network. After performing mutual authentication between the SAM and the EMD service center 102, the ID information stored in the medium SAM and the recorded content ID are sent from the network device to the EMD service center 102. Then, the network device receives a list of content providers which handle the content data C, such as the content provider 101, from the EMD service center 102.

[0117] Alternatively, in response to the content ID from the user, the EMD service center 102 may send information of the user to the content provider 101, which handles the content data C corresponding to the content ID. Upon receiving the above-mentioned information, if the user is found to have already made a contract with the content provider 101, the content provider 101 may send the content data C to the network device of the user. If not, the content provider 101 may send promotion information of the content provider 101 to the network device of the user.

[0118] In a second embodiment (described below) of the present invention, based on the link digital watermark information W_L, the EMD service center 102 is able to introduce a service provider 310, which handles the content data C, to the user.

[0119] Preferably, in the first embodiment, the content and the embedding position of the digital watermark information may be defined as the digital watermark information module WM, which may be registered and managed in the EMD service center 102. The digital watermark information module WM is used for verifying the digital watermark information by, for example, the network device 160_1 and the A/V machines 160_2 through 160_4 within the user home network 103.

[0120] More specifically, the user home network 103 determines based on the user digital watermark information module WM managed by the EMD service center 102 whether the content and the embedding position of the digital watermark information detected by the user home network 103 coincide with those managed by the EMD service center 102. If the detected information matches that of the EMD service center 102, the digital watermark information is determined to be legal. It is thus possible to detect illegally embedded digital watermark information with high probability.

[0121] The A/V decompression software Soft, which may be ATRAC3 decompression software, is used for decompressing the content file CF in the network device 160_1 and the A/V machines 160_2 through 160_4 of the user home network 103.

[0122] This enables the SAMs 105_1 through 105_4 to decompress the content data C simply by using the A/V decompression software stored in the secure container 104. Accordingly, even if different compression/decompression methods are set for the individual items of content data C or for the individual content providers, a heavy burden of decompressing the content data C is not imposed on the user.

[0123] The content file CF may contain, as shown in Fig. 4, a file reader and signature data for verifying the file reader by using a private key K_CP,S. This enables the SAMs 105_1 through 105_4 to efficiently process a plurality of different types of secure containers 104 which store the different formats of content files CF.

[0124] The file reader is used for reading the content file CF and the corresponding key file KF, and indicates the reading procedure of these files.

[0125] In this embodiment, it is assumed that the file reader has been sent from the EMD service center 102 to the SAMs 105_1 through 105_4, and thus, the content file CF of the secure container 104 does not store a file reader.

[0126] In this embodiment, the encrypted content data C is stored in the secure container 104 without depending on factors, such as the compression flag, i.e., whether the content data C is compressed, the compression method of content data C, the encryption method (including the common key cryptosystem and the public key cryptosystem), the signal source of the content data C (for example, the sampling frequency), and the signature-data creating method (algorithm). That is, the above-described factors can be determined at the discretion of the content provider 101.

Key file KF 

[0127] Fig. 5 illustrates details of the key file KF shown in Fig. 3B.

[0128] In this embodiment, for example, after registration processing is performed by sending a registration module Mod_2 from the content provider 101 to the EMD service center 102, as shown in Fig. 6, the key file KF for six months, for example, is sent from the EMD service center 102 to the content provider 101 and is stored in a key file database. In sending and receiving the registration module Mod_2 and the key file KF, mutual authentication is performed between the content provider 101 and the EMD service center 102, and the registration module Mod_2 and the key file KF are encrypted and decrypted by using session key data K_SES.

[0129] The key file KF is provided for each content data C, and is linked to the corresponding content file CF according to directory structure data DSD within the header of the content file CF, which is discussed in detail below.

[0130] The key file KF stores, as shown in Figs. 3B and 5, a header, content key data Kc, the UCP data (license agreement conditions) 106, SAM program download containers SDC_1 through SDC_3, and signature data SIG_K1,ESC.

[0131] The signature data obtained by using the private key K_ESC,S of the EMD service center 102 may be signature data SIG_K1,ESC for all the data stored in the key file KF, as shown in Fig. 3B. Alternatively, the signature data may be separately provided, as shown in Fig. 5, for information from the header to the key file, for the content key Kc and the UCP data 106, and for the SAM program download containers SDC.

[0132] The content key data Kc and the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 are encrypted with the use of the license key data KD_1 through KD_6 of corresponding periods.

[0133] The UCP data 106 may not be stored in the key file KF, in which case, it is provided with signature data without being encrypted by the license key data.

[0134] The header data contains, as shown in Fig. 5, a synchronization signal, a content ID, signature data for verifying the content ID by using the private key K_ESC,S of the EMD service center 102, directory structure data, hyperlink data, information concerning the key file KF, and signature data for verifying the directory structure data by using the private key K_ESC,S of the EMD service center 102.

[0135] Various types of information may be contained in the header data, and may be variable according to the situation. For example, information shown in Fig. 7 may be contained.

[0136] The content ID may store information shown in Fig. 8. The content ID is created in the EMD service center 102 or the content provider 101, and the signature data obtained by using the private key data K_ESC,S of the EMD service center 102, as shown in Fig. 8, or the signature data obtained with the private key data K_CP,S of the content provider 101 is attached to the content ID. The content ID may be created either in the content provider 101 or the EMD service center 102.

[0137] The directory structure data represents a relationship among the content files CF and a relationship between the content file CF and the key file KF within the secure container 104.

[0138] For example, if content files CF_1 through CF_3 and the corresponding key files KF_1 through KF_3 are stored in the secure container 104, a link between the content files CF_1 through CF_3 and a link between the content files CF_1 through CF_3 and the key files KF_1 through KF_3 are established, as shown in Fig. 9, by the directory structure data.

[0139] The hyperlink data represents a hierarchical structure of the key file KF and a relationship between the content files CF and the key files KF by considering all the files inside and outside the secure container 104.

[0140] More specifically, address information to be linked and the authentication value (hash value) thereof are stored, as shown in Fig. 10, in the secure container 104 for each content file CF and for each key file KF. The hash value of one content file CF or one key file KF obtained by a hash function H(x) is then compared with that of another file CF or another key file KF to be linked, thereby verifying the link between the files.
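One way to read the link check of [0138] through [0140], as an added example that is not code from the patent: every file carries a table of (address, hash) entries, and a link holds when H(x) recomputed over the addressed file equals the stored value. SHA-256 as H(x), hashing the payload only (so that mutual CF/KF links do not become circular), the dictionary layout and the sample payloads are all assumptions.

```python
import hashlib
import hmac


def H(x: bytes) -> str:
    """Hash function H(x); SHA-256 is an assumed choice."""
    return hashlib.sha256(x).hexdigest()


# Link topology in the spirit of Fig. 9: content files chained to each other,
# and each content file linked both ways with its key file.
TOPOLOGY = {
    "CF1": ["CF2", "KF1"], "CF2": ["CF3", "KF2"], "CF3": ["KF3"],
    "KF1": ["CF1"], "KF2": ["CF2"], "KF3": ["CF3"],
}


def build_container():
    """Constructed sample: six files, each with a payload and a link table."""
    files = {name: {"payload": f"<{name} payload>".encode(), "links": {}}
             for name in TOPOLOGY}
    for src, targets in TOPOLOGY.items():
        # Store, per link, the address and the authentication value of the target.
        files[src]["links"] = {t: H(files[t]["payload"]) for t in targets}
    return files


def verify_links(container, external=None):
    """Return broken links as (source, address, reason); empty list means intact.

    `external` holds files addressed from inside the container but stored
    outside it, which [0139] allows.
    """
    external = external or {}
    broken = []
    for src in sorted(container):
        for addr, expected in sorted(container[src]["links"].items()):
            target = container.get(addr) or external.get(addr)
            if target is None:
                broken.append((src, addr, "unresolved"))
            elif not hmac.compare_digest(H(target["payload"]), expected):
                broken.append((src, addr, "hash mismatch"))
    return broken


def swap_key_file(container, name, payload):
    """Simulate substitution of one key file by another payload."""
    container[name] = {"payload": payload, "links": container[name]["links"]}
    return container
```

The table binds files together only if the header that carries it is itself covered by a signature; otherwise a substituted file can arrive with a rewritten table.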
[0141] The UCP data 106 is a descriptor which defines the operation rules of the content data C, for example, the suggested retailer's price (SRP) and the copying rules desired by the operator of the content provider 101.

[0142] More specifically, the UCP data 106 contains, as shown in Fig. 5, a content ID, an identifier of the content provider 101 CP_ID, the effective date of the UCP data 106, the communication address of the EMD service center 102, use-space research information, the SRP, the usage policy, the DCS information, the UCS information for demonstrating the product, and signature data for the above-described information.

[0143] The UCS information indicates an accepted purchase mode selected from various purchase modes, for example, redistribution, pay per use, sell through, time limited sell through, sell through pay per play N, pay per time, pay per use for a SCMS device, pay per block, etc.

[0144] In the second embodiment, which is discussed below, in sending a secure container 304 to a user home network 303 via a service provider 310, the UCP data 106 contains the identifier of the service provider 310 SP_ID which is provided with the secure container 104 by a content provider 301.

[0145] The SAM program download containers SDC_1 through SDC_3 store, as shown in Fig. 5, a download driver indicating the procedure for downloading the programs within the SAMs 105_1 through 105_4, a label reader, such as UCP-L (Label).R (Reader), representing the syntax (grammar) of the UCP data 106, lock key data for locking or unlocking of the writing and the erasing of each block data stored in a storage unit 192 (a flash read only memory (ROM), such as a mask ROM 1104 or a non-volatile memory 1105) built in each of the SAMs 105_1 through 105_4, and signature data for the above-described information. The mask ROM 1104 or the non-volatile memory 1105 controls the writing and the erasing of the storage data in units of blocks based on the lock key data.

[0146] A description is now given of the mode in which the secure container 104 is supplied from the content provider 101 to the user home network 103.

[0147] As discussed above, the content provider 101 supplies the secure container 104 online or offline to the user home network 103.

[0148] When the content provider 101 supplies the secure container 104 online to the network device 160_1 of the user home network 103, the following process is taken. The content provider 101 mutually authenticates with the network device 160_1 so as to share the session key (common key) K_SES, and encrypts the secure container 104 by using the session key K_SES and sends it to the EMD service center 102. The session key K_SES is newly created every time mutual authentication is performed.

[0149] As the communication protocol for sending the secure container 104, a Multimedia and Hypermedia information coding Experts Group (MHEG) protocol is used for a digital broadcast, or extensible markup language (XML), synchronized multimedia integration language (SMIL), or hypertext markup language (HTML) may be used for the Internet. The secure container 104 is embedded within the corresponding protocol according to a tunneling technique without depending on the coding method.

[0150] Accordingly, the format of the secure container 104 does not have to match the communication protocol, thereby increasing the flexibility in selecting the format of the secure container 104.

[0151] The communication protocol used for sending the secure container 104 from the content provider 101 to the user home network 103 is not restricted to the above-described protocols.

[0152] In this embodiment, as the modules built in the content provider 101, the EMD service center 102, and the network device 160_1 for communicating with each other, tamper-free or high tamper-resistant communication gateways which are protected from being monitored are used.

[0153] In contrast, when the content provider 101 supplies the secure container 104 offline to the user home network 103, the secure container 104 is recorded on a recording medium (ROM or RAM), which is discussed in detail below, and the contents of the ROM or RAM are then supplied to the user home network 103 via a communication path.

[0154] Fig. 11 illustrates a recording medium (ROM) 130_1 used in this embodiment.

[0155] The recording medium (ROM) 130_1 has a ROM area 131, a secure RAM area 132, and a medium SAM 133. The content file CF shown in Fig. 3A is stored in the ROM area 131.

[0156] The secure RAM area 132 is an area which requires a predetermined permission (authentication) to make access, and stores signature data created by using as arguments the key file KF shown in Fig. 3B, the public-key certificate data CER_CP shown in Fig. 3C, and storage key data K_STR having a unique value according to the type of machine, by utilizing a message authentication code (MAC) function. The secure RAM area 132 also stores data obtained by encrypting the key file KF and the public-key certificate data CER_CP by using medium key data K_MED having a value unique to the recording medium.

[0157] The secure RAM area 132 also stores public key certificate revocation data for specifying the content provider 101 and the SAMs 105_1 through 105_4 which have become invalid due to an illegal action.

[0158] In communicating between the medium SAM used in this embodiment and a medium drive SAM 260, which is discussed below, one SAM compares its revocation list with that of the other SAM and determines when the lists were created. The revocation list created earlier is updated by the other revocation list.
[0159] The secure RAM area 132 stores the UCS data 166 which is created when the purchase/usage mode of the content data C is determined in the SAMs 105_1 through 105_4 of the user home network 103. By storing the UCS data 166 in the secure RAM area 132, the recording medium (ROM) 130_1 in which the purchase/usage mode is determined can be provided.

[0160] The medium SAM 133 stores, for example, the media ID, which is the identifier of the recording medium (ROM) 130_1, and the medium key data K_MED. The medium SAM 133 has, for example, a mutual authentication function.

[0161] The recording medium (ROM) usable in this embodiment may also be a recording medium (ROM) 130_2 shown in Fig. 12 or a recording medium (ROM) 130_3 shown in Fig. 13.

[0162] The recording medium (ROM) 130_2 illustrated in Fig. 12 has a ROM area 131 and a medium SAM 133 having an authentication function, but is not provided with a secure RAM area 132, unlike the recording medium (ROM) 130_1 shown in Fig. 11. If the recording medium (ROM) 130_2 is used, the content file CF is stored in the ROM area 131 and the key file KF is stored in the medium SAM 133.

[0163] The recording medium (ROM) 130_3 illustrated in Fig. 13 has a ROM area 131 and a secure RAM area 132, but is not provided with a medium SAM 133, unlike the recording medium (ROM) 130_1 shown in Fig. 11. If the recording medium (ROM) 130_3 is used, the content file CF is stored in the ROM area 131, and the key file KF is stored in the secure RAM area 132. Authentication is not performed with the corresponding SAM.

[0164] Instead of a ROM recording medium, a RAM recording medium may be employed in this embodiment.

[0165] As the RAM recording medium usable in this embodiment, a recording medium (RAM) 130_4 having a medium SAM 133, a secure RAM area 132, and an unsecured RAM area 134 may be used, as shown in Fig. 14. In this recording medium (RAM) 130_4, the medium SAM 133 has an authentication function, and the secure RAM area 132 stores the key file KF. The unsecured RAM area 134 stores the content file CF.

[0166] Alternatively, a recording medium (RAM) 130_5 shown in Fig. 15 and a recording medium (RAM) 130_6 shown in Fig. 16 may be employed.

[0167] The recording medium (RAM) 130_5 shown in Fig. 15 includes an unsecured RAM area 134 and a medium SAM 133 having an authentication function, but is not provided with a secure RAM area 132, unlike the recording medium (RAM) 130_4 shown in Fig. 14. In using the recording medium (RAM) 130_5, the content file CF is stored in the unsecured RAM area 134, and the key file KF is stored in the medium SAM 133.

[0168] The recording medium (RAM) 130_6 includes a secure RAM area 132 and an unsecured RAM area 134, but is not provided with a medium SAM 133, unlike the recording medium (RAM) 130_4 shown in Fig. 14. In using the recording medium (RAM) 130_6, the content file CF is stored in the unsecured RAM area 134, and the key file KF is stored in the secure RAM area 132. Authentication is not performed with the corresponding SAM.

[0169] As stated above, regardless of whether the content data C is distributed online via a network or offline using, for example, the recording medium 130_1 from the content provider 101 to the user home network 103, the common format of the secure container 104 which stores the UCP data 106 is used for distributing the content data C. This enables the SAMs 105_1 through 105_4 of the user home network 103 to perform rights processing based on the common UCP data 106.

[0170] As also discussed above, in this embodiment, the in-band system is employed in which the content data C encrypted with the content key data Kc is stored together with the content key data Kc for decrypting the content data C in the secure container 104. According to this in-band system, it is not necessary to separately distribute the content key data Kc when the user home network 103 plays back the content data C, thereby reducing the burden in network communication. The content key data Kc is encrypted with the license key data KD_1 through KD_6. However, the license key data KD_1 through KD_6 are managed in the EMD service center 102 and have already been distributed to the SAMs 105_1 through 105_4 of the user home network 103 when the SAMs 105_1 through 105_4 first accessed the EMD service center 102. This enables the user home network 103 to use the content data C offline without accessing the EMD service center 102 online.

[0171] In the present invention, the out-of-band system may be employed in which the content data C and the content key data Kc are separately supplied to the user home network 103, which will be described below.
[0172] The process for creating the secure container 104 by the content provider 101 is as follows.

[0173] Figs. 17 through 19 are a flow chart illustrating the above-described process.

[0174] In step S17-1 (Fig. 17), the content provider 101 registers offline in the EMD service center 102 by using the ID certificate of the content provider 101 or the bank account for settling the account, and acquires the globally unique identifier CP_ID. The content provider 101 has already obtained the public key certificate CER_CP of the content provider 101 from the EMD service center 102.

[0175] In step S17-2, the content provider 101 then digitizes content master sources, such as content data to be authored and prestored legacy content data, and assigns the content IDs to such data. The content master sources are then stored in a content master source database and are centrally managed.

[0176] Then, in step S17-3, the content provider 101 creates meta data Meta for each of the centrally managed content master sources and stores it in a meta database.

[0177] Subsequently, in step S17-4, the content provider 101 reads content data, i.e., a content master source, from the content master source database, and embeds digital watermark information in the content data.

[0178] In step S17-5, the content provider 101 stores the content and the embedding position of the digital watermark information embedded in step S17-4 in a predetermined database.

[0179] Then, in step S17-6, the content data having the embedded digital watermark information is compressed.

[0180] In step S17-7, the content provider 101 creates content data by decompressing the content data compressed in step S17-6.

[0181] In step S17-8, the content provider 101 performs an audio check on the compressed content data.

[0182] Thereafter, in step S17-9, the content provider 101 detects the digital watermark embedded into the content data based on the content and the embedding position of the digital watermark information stored in the database in step S17-5.

[0183] If both the audio check and the detection of the digital watermark information have been successfully performed, the content provider 101 executes processing of step S17-10 (Fig. 18). If either of the above-described processing has failed, the processing of step S17-4 is repeated.

[0184] In step S17-10, the content provider 101 generates a random number to create the content key data Kc and retains it. The content provider 101 also encrypts the content data compressed in step S17-6 by using the content key data Kc.

[0185] In step S17-11, the content provider 101 creates the content file CF shown in Fig. 3A and stores it in the content file database.

[0186] Then, in step S17-12, the content provider 101 creates the UCP data 106 concerning the content data C.

[0187] In step S17-13, the content provider 101 determines the SRP and stores it in the database.

[0188] In step S17-14, the content provider 101 outputs the content ID, the content key data Kc, and the UCP data 106 to the EMD service center 102.

[0189] Subsequently, in step S17-15, the content provider 101 receives the key file KF encrypted with the license key data KD_1 through KD_3 from the EMD service center 102.

[0190] In step S17-16, the content provider 101 stores the received key file KF in the key file database.

[0191] In step S17-17 (Fig. 19), the content provider 101 hyperlinks the content file CF and the key file KF.

[0192] In step S17-18, the content provider 101 creates the signature data SIG5 from the hash value of the content file CF by using the private key data K_CP,S. The content provider 101 also creates the signature data SIG_7,CP from the hash value of the key file KF by using the private key data K_CP,S.

[0193] In step S17-19, the content provider 101 generates the secure container 104 storing the content file CF, the key file KF, the public-key certificate data CER_CP, the signature data SIGg cp, SIG_7,CP, and SIG^^gc as shown in Figs. 3A through 3C.
[0194] If it is desired that content data is provided in a composite format including a plurality of secure containers, each secure container 104 is created by repeating the processes in step S17-1 through S17-19. Then, in step S17-20, a relationship between the content files CF and the key files KF is hyperlinked, and also a relationship between the content files CF is hyperlinked.

[0195] Thereafter, in step S17-21, the content provider 101 stores the created secure container 104 in the secure container database.

[EMD service center 102]

[0196] Fig. 20 illustrates the basic functions of the EMD service center 102. Primarily, as shown in Fig. 20, the EMD center 102 supplies the license key data to the content provider 101 and the SAMs 105_1 through 105_4, issues public-key certificate data CER_CP and CER_SAM1 through CER_SAM4, creates the key file CF, and performs payment settlement (profit distribution) based on the usage log data 108.

Supply of license key data 

[0197] A description is first given of the process for sending the license key data from the EMD service center 102 to the SAMs 105_1 through 105_4 of the user home network 103.

[0198] The EMD service center 102 reads the license key data KD_1 through KD_3 regularly, for example, for three months, from the key database, and creates the signature data SIG_KD1,ESC through SIG_KD3,ESC from the hash values by using the private key data K_ESC,S of EMD service center 102.

[0199] The EMD service center 102 then encrypts the license key data KD_1 through KD_3 for three months and the signature data SIG_KD1,ESC through SIG_KD3,ESC by using the session key data K_SES, which is obtained by performing mutual authentication with the SAMs 105_1 through 105_4, and sends the encrypted data to the SAMs 105_1 through 105_4.

[0200] Similarly, the EMD service center 102 sends, for example, the license key data KD_1 through KD_6 for six months, to the content provider 101.

Issuing of public-key certificate data

[0201] A description is given below of the process to be executed when the EMD service center 102 receives a request to issue the public-key certificate data CER_CP from the content provider 101.

[0202] Upon receiving the identifier of the content provider 101 CP_ID, the public key data K_CP,P, and the signature data SIG_9,CP from the content provider 101, the EMD service center 102 decrypts such data by using the session key data K_SES obtained by performing mutual authentication with the content provider 101.

[0203] After verifying the integrity of the decrypted signature data SIG_9,CP, the EMD service center 102 makes a determination, based on the identifier CP_ID and the public key data K_CP,P, whether the content provider 101, which has requested the issuing of the public-key certificate data, is registered in a CP database.

[0204] Then, the EMD service center 102 reads the X.509-format public-key certificate data CER_CP of the content provider 101 from the certificate database, and creates the signature data SIG_1,ESC from the hash value of the public-key certificate data CER_CP by using the private key K_ESC,S of the EMD service center 102.

[0205] The EMD service center 102 encrypts the public-key certificate data CER_CP and the signature data SIG_1,ESC by using the session key data K_SES obtained by performing mutual authentication with the content provider 101, and sends the encrypted data to the content provider 101.

[0206] The process to be performed when the EMD service center 102 receives a request from the SAM 105_1 to issue the public-key certificate data CER_SAM1 is similar to that when receiving a request to issue the public-key certificate data CER_CP from the content provider 101, except that processing is performed with the SAM 105_1. The public-key certificate data CER_SAM1 is also described in X.509 format.

[0207] In the present invention, if it is designed that the private key data K_SAM1,S and the public key data K_SAM1,P are stored in a storage unit of the SAM 105_1 when shipping the SAM 105_1, the EMD service 102 may create the public-key certificate data CER_SAM1 of public key data K_SAM1,P when shipping the SAM 105_1. In this case, the created public-key certificate data CER_SAM1 may be stored in the storage unit of the SAM 105_1 when shipping the SAM 105_1.

Creating of key file KF 

[0208] Upon receiving the registration module Mod_2 shown in Fig. 6 from the content provider 101, the EMD service center 102 decodes the registration module Mod_2 by using the session key K_SES obtained by conducting mutual authentication with the content provider 101.

[0209] The EMD service center 102 then verifies the integrity of the signature data SIG^^ cp using the public key data K_CP,P read from the key database.

[0210] Subsequently, the EMD service center 102 registers in the UCP database the UCP data 106, the content key data Kc, the digital watermark information control data WM, and the SRP stored in the registration module Mod_2.

[0211] The EMD service center 102 encrypts the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 by using the license key data KD_1 through KD_6 of corresponding periods read from a key server.

[0212] The EMD service center 102 then creates the signature data SIG^i esc from the hash values of the header data, the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 by using the private key data K_ESC,S of the EMD service center 102.

[0213] In this manner, the EMD service center 102 creates the key file KF shown in Fig. 3B and stores it in the KF database.

[0214] Thereafter, the EMD service center 102 reads the key file KF from the KF database and encrypts it by using the session key data K_SES obtained by conducting mutual authentication with the content provider 101, and then sends it to the content provider 101.

Settlement processing 

[0215] Payment settlement performed in the EMD service center 102 is as follows.

[0216] Upon receiving from, for example, the SAM 105_1 of the user home network 103, the usage log data 108 and signature data SIG_200,SAM1 thereof, the EMD service center 102 decrypts such data by using the session key data K_SES obtained by performing mutual authentication with the SAM 105_1, thereby verifying the signature data SIG_200,SAM1 created by the public key data K_SAM1 of the SAM 105_1.

[0217] Fig. 21 illustrates data described in the usage log data 108. The usage log data 108 contains, as illustrated in Fig. 21, for example, an ESC_content ID, which is a globally unique identifier provided by the EMD service center 102, for the content data C stored in the secure container 104, a CP_content ID, which is a globally unique identifier provided by the content provider 101, for the content data C, a user ID, which is an identifier of the user who has received the secure container 104, user information, a SAM_ID, which is an identifier of each of the SAMs 105_1 through 105_4 which received the secure container 104, a HNG_ID, which is an identifier of a home network group to which the corresponding SAM belongs, discount information, tracing information, a price tag, a CP_ID of the content provider 101 which has provided the content data C, a service provider (portal) ID, a hardware provider ID, an identifier of a recording medium Media_ID which records the secure container 104, a component ID, which is an identifier of a predetermined component, such as a compression method for the secure container 104, an identifier of a license owner LH_ID of the secure container 104, an identifier of the EMD service center 102 ESC_ID which performs payment settlement of the secure container 104.

[0218] In the second embodiment, which is discussed below, in addition to the above-described data contained in the usage log data 108, usage log data 308 includes an identifier SP_content ID provided by the service provider 310 for the content data C, and an identifier of the service provider 310 SP_ID which has distributed the content data C.

[0219] If it is necessary that the payment made by the user of the user home network 103 is distributed to neighboring rights holders other than the content provider 101, for example, license owners for the compression method, the recording medium, etc., the EMD service center 102 determines the amount of payment according to a predetermined distribution rate, and creates the settlement report data and settlement request data 152 based on the determined amounts of payment. The distribution rate may be created for each content data stored in the secure container 104.

[0220] Thereafter, the EMD service center 102 performs payment settlement based on the SRP and the sales price contained in the UCP data 106 read from the UCP database and also based on the usage log data 108, and creates the settlement request data 152 and the settlement report data 107.

[0221] The settlement request data 152 is authorized data which can request the payment from the settlement organization 91 based on the aforementioned data, and if the payment made by the user is to be distributed to a plurality of rights holders, the settlement request data 152 is created for each rights holder.

[0222] The EMD service center 102 then decrypts the settlement request data 152 and signature data SIGgg thereof through mutual authentication and using the session key data K_SES, and then sends them to the settlement organization 91 via the payment gateway 90 shown in Fig. 1.

[0223] Accordingly, the amount of payment indicated in the settlement request data 152 is paid to the content provider 101.

[0224] The EMD service center 102 sends the settlement report data 107 to the content provider 101.

[User home network 103]

[0225] The user home network 103 has, as illustrated in Fig. 1, the network device 160_1 and the A/V machines 160_2 through 160_4. The network device 160_1 has the built-in SAM 105_1. The A/V machines 160_2 through 160_4 have the built-in SAMs 105_2 through 105_4, respectively. The SAMs 105_1 through 105_4 are connected to each other via the bus 191, for example, an IEEE-1394 serial interface bus.

[0226] A network communication function may be provided for the A/V machines 160_2 through 160_4, though it is not essential. If a network communication function is not provided, the A/V machines 160_2 through 160_4 may simply use the network communication function of the network device 160_1 via the bus 191. Alternatively, the user home network 103 may include only A/V machines without a network function.

[0227] Details of the network device 160_1 are as follows.

[0228] Fig. 22 is a block diagram of the network device 160_1. The network device 160_1 is formed of the SAM 150_1, a communication module 162, an A/V compression/decompression SAM 163, an operation unit 165, a download memory 167, a playback module 169, an external memory 201, and a host central processing unit (CPU) 810.

[0229] The host CPU 810 centrally controls the processing executed within the network device 160_1, and the host CPU 810 and the SAM 105_1 have a master-slave relationship.

[0230] The relationship between the host CPU 810 and the SAM 105_1 is discussed in detail below with reference to Fig. 23.

[0231] In the network device 160_1, as shown in Fig. 23, the host CPU 810 and the SAM 105_1 are connected via a host CPU bus 1000.

[0232] When one of a plurality of interrupt types is selected according to the operation performed on the operation unit 165 by the user, the host CPU 810 receives an external interrupt (hardware interrupt) S165 indicating the selected interrupt.

[0233] If the task corresponding to the interrupt S165 is found to be executed by the SAM 105_1, the host CPU 810 outputs an internal interrupt (software interrupt) S810 indicating the task to the SAM 105_1 via the host CPU bus 1000.

[0234] Then, the SAM 105_1 is recognized as an input/output (I/O) device by the host CPU 810, and upon receiving the internal interrupt S810, which is a function call, from the host CPU 810, the SAM 105_1 executes the requested task and returns the execution result to the host CPU 810.

[0235] The major tasks executed by the SAM 105_1 may include processing for purchasing content data (accounting processing), signature checking, mutual authentication, playback of content data, updating, registration, downloading, etc. Such tasks are processed within the SAM 105_1 while being completely shielded from an external source, thereby preventing the host CPU 810 from monitoring the processed result.
[0236] The host CPU 810 knows which tasks should be requested to the SAM 105_1 according to the type of event. More specifically, upon receiving the external interrupt S165 by the user's operation performed on the operation unit 165, such as an external key device, the host CPU 810 determines that the task by the external interrupt S165 is to be executed by the SAM 105_1. Then, the host CPU 810 outputs the internal interrupt S810 to the SAM 105_1 via the host CPU bus 1000 so as to request it to execute the task.

[0237] Interrupts from an I/O device, such as an external key device, for example, a commander or a keyboard, to the host CPU 810 occur asynchronously with a user program executed by the host CPU 810. Such interrupts are normally referred to as the "hardware interrupts" or "external interrupts".

[0238] Interrupts, received by the host CPU 810, for viewing and listening to the content or purchasing the content are hardware interrupts. In this case, the I/O device which generates a hardware interrupt may be a key device, such as buttons or graphic user interface (GUI) icons, of the network device 160_1. In this embodiment, the operation unit 165 serves as such an I/O device.

[0239] On the other hand, interrupts generated by the execution of a user program (program) by the host CPU 810 are referred to as "software interrupts" or "internal interrupts".

[0240] Generally, an interrupt signal of the external interrupt S165 is output from the operation unit 165 to the host CPU 810 via a specific line for external interrupts, which is separately provided from the host CPU bus 1000.

[0241] One external interrupt S165 is differentiated from the other external interrupts S165 by assigning numbers to the I/O devices which generate interrupts. For example, for a keyboard, numbers are assigned to the individual buttons (such numbers are referred to as "interrupt types"). Upon pressing one of the buttons, the corresponding information is reported from the operation unit 165 to the host CPU 810 via the specific line, and the number of the pressed button is stored in a memory of the I/O interface. In response to the information indicating that the button has been pressed, the host CPU 810 accesses the memory of the I/O interface and identifies the interrupt type from the number of the button, thereby controlling the execution of an interrupt routine corresponding to the number of the button.

[0242] In this case, if the interrupt routine is to be executed by the SAM 105_1, the host CPU 810 sends the internal interrupt S810 to the SAM 105_1 to request it to execute the task.

[0243] As discussed above, tasks to be executed by the SAM 105_1 may include:

1. Purchasing content (including purchasing keys and demonstration of the content);

2. Playback of content; and

3. Downloading from the content provider 101 and the EMD service center 102 (updating, receiving usage log, and program downloading).

[0244] The host CPU 810 first receives external interrupts S165 corresponding to tasks 1, 2, and 3 from the operation unit 165 via the specific line, and outputs the corresponding internal interrupts S810 to the SAM 105_1, so that the SAM 105_1 executes tasks 1, 2 and 3.

[0245] The I/O devices which generate interrupts corresponding to tasks 1 and 2 are the external key device, such as the buttons or the GUIs of the network device 160_1.

[0246] In the case of task 3, it is not that a push-type downloading secure container 104 is sent from the content provider 101, but that an active pull-type secure container 104 is sent to the network device 160_1 (client) by performing polling to access the content provider 101. Accordingly, the host CPU 810 knows that the downloaded secure container 104 is stored in the download memory 167 within the network device 160_1. Thus, in actuality, the host CPU 810 merely generates the internal interrupt S810 and sends it to the SAM 105_1 without receiving the external interrupt S165 from the operation unit 165.

[0247] Since the SAM 105_1 serves as an I/O device (slave) of the host CPU 810, the main routine of the SAM 105_1 is started when being powered on, and then enters the standby (waiting) mode.

[0248] Subsequently, immediately when receiving the internal interrupt S810 from the host CPU 810 (master), the SAM 105_1 begins processing the task while being completely shielded from an external source. Then, the SAM 105_1 reports the completion of processing the task to the host CPU 810 by the external interrupt (hardware interrupt), and requests the host CPU 810 to receive the result. Accordingly, the SAM 105_1 does not contain a user main program (user program).

[0249] The SAM 105_1 executes processing, such as for purchasing the content, playback of the content, and downloading from the content provider 101 and the EMD service center 102, as an interrupt routine. The SAM 105_1 generally waits in the standby mode, and upon receiving the internal interrupt S810 from the host CPU 810, the SAM 105_1 executes the interrupt routine corresponding to the interrupt type (number) (function call command), and requests the host CPU 810 to receive the result.

[0250] More specifically, a request to execute a task from the host CPU 810 to the SAM 105_1 by the internal interrupt S810 is made according to an I/O command, and then, the SAM 105_1 interrupts itself based on the function call command received from the host CPU 810. In actuality, the host CPU 810 outputs the internal interrupt S810 to the SAM 105_1 by performing the chip select for selecting the SAM 105_1.

[0251] As discussed above, although the host CPU 810 receives the external interrupt S165 for purchasing or playing back the content, it requests the SAM 105_1 to execute the corresponding task. This is because the task involves the security, such as encryption processing, creating and checking signatures, accompanied by the processing for purchasing the key.

[0252] The interrupt routine stored in the SAM 105_1 serves as a sub-routine of the interrupt routine of the host CPU 810.

[0253] The interrupt routine executed by the host CPU 810 is a task which makes an instruction to send the internal interrupt (function call) S810 requesting the execution of the task corresponding to the external interrupt S165 to a common memory space of the SAM 105_1.

[0254] As shown in Fig. 24, each of the interrupt routines stored in the SAM 105_1 contains sub-routines. Programs which can be shared with the other interrupt routines are preferably defined as sub-routines, thereby saving the memory space. The processing of the SAM 105_1 may be executed in a manner similar to that executed by a CPU, such as concurrently defining sub-routines from an interrupt routine or defining second-generation sub-routines from a first-generation sub-routine.

[0255] Referring back to Fig. 23, the relationship between the host CPU 810 and the SAM 105_1 is described. As discussed above, the host CPU 810 receives an interrupt from an I/O device, such as an external key device, as the external interrupt (hardware interrupt) S165 via a specific line.

[0256] A number is provided for each specific line, and according to the number, the corresponding interrupt vector is extracted from an interrupt vector table stored in a system memory of the host CPU 810, thereby starting the interrupt routine.

[0257] There are two kinds of interrupt types: one type is an indirect access indicating a selection number of the interrupt vector in the vector table, and the other type is a direct access indicating the start address of the interrupt routine.

[0258] If the received external interrupt indicates a task to be executed by the SAM 105_1, the host CPU 810 outputs the internal interrupt S810 to the SAM 105_1 and requests it to execute the task (I/O command).

[0259] The type of task is defined by a command name, and the host CPU 810 outputs the command-based internal interrupt S810 to the SAM 105_1. When being powered on, the SAM 105_1 initializes the program and checks the integrity of the SAM 105_1, as shown in Fig. 24, and then enters a sleep mode (standby mode). In the sleep mode, only the operation of the CPU is stopped, and the sleep mode is released by any interrupt. Thereafter, the status of the SAM 105_1 is shifted to a program execution status via an execution handling status. Upon receiving an internal interrupt from the host CPU 810, the SAM 105_1 executes the corresponding task and returns the result to the host CPU 810.

[0260] In response to the result from the SAM 105_1, the host CPU 810 starts to take another action. However, even while the SAM 105_1 is executing one task, the host CPU 810 may perform another task. The host CPU 810 receives the execution result of the task from the SAM 105_1 as an interrupt.

[0261] There are two approaches to reporting the execution result of the task from the SAM 105_1 to the host CPU 810. One approach is to output an interrupt to the host CPU 810 and to request the host CPU 810 to receive the result. The other approach is to provide status registers (which is referred to as the "SAM status registers") in an address space of the SAM 105_1 which is accessible by the host CPU 810. (A read/write command, address information, and data from the host CPU 810 are carried to the address space.) According to the second approach, the type of task, flags indicating whether the task is being waited, executed, or completed, etc. can be set in the SAM status register (SAM_SR), and the host CPU 810 regularly performs polling (reading data) to the SAM status register.

[0262] A first SAM status register sets a flag indicating the status of the SAM 105_1 read by the host CPU 810.

[0263] A second SAM status register sets flags designating whether the execution of the task from the host CPU 810 has been requested. These flags are read by the CPU within the SAM 105_1. Based on the priority of bus mediation, both the host CPU 810 and the SAM 105_1 are allowed to access the flags set in the first and second SAM status registers.

[0264] More specifically, in the first SAM status register, flags are set indicating whether the SAM is executing the task, has completed the task, or is waiting for a task to be executed. The name of the task is also indicated in the first SAM status register. The host CPU 810 regularly performs polling to access the first SAM status register.

[0265] In the second SAM status register, flags are set indicating whether the execution of a task has been requested from the host CPU 810 or is in the standby

[0266] The I/O write command is first sent from the host CPU 810 to the SAM 105_1, which is an I/O device, followed by data and address information to be written. The address information (data storage location) is stored in the common memory space shared by the host CPU 810 and the SAM 105_1.

[0267] It is required that the memory address space within the SAM 105_1 be invisible from the host CPU 810 (tamper-resistance characteristics). Accordingly, the memory address space within the SAM 105_1 should be managed so that only part of a static random access memory (SRAM) for a work stack, or part of an external flash ROM (electrically erasable programmable read only memory (EEPROM)) is visible from the host CPU 810. Thus, a large amount of data is written into part of the SRAM or part of the EEPROM from the host CPU 810, and a small amount of data is written into a temporary register within the SAM 105_1 which is visible from the host CPU 810.

[0268] The address of an interrupt routine to be executed by an interrupt is referred to as the "interrupt vector". The interrupt vectors are stored in the vector table according to the order of the interrupt types.

[0269] Upon receiving an external interrupt, as shown in Fig. 25, according to the interrupt type (number), the host CPU 810 extracts the interrupt vector from the interrupt vector table stored in the memory, and executes the corresponding routine started from the address (interrupt vector) as a sub-routine.

[0270] In this embodiment, in performing one of the above-described tasks 1 through 3, an external interrupt occurs from the corresponding I/O device by a physical interrupt signal, and the host CPU 810 sends a function call (procedure call) by using an internal interrupt (software interrupt) to the SAM 105_1, and requests it to execute the interrupt routine (task) according to the interrupt type (number). Then, the host CPU 810 receives the execution result of the task and starts to take another action.

[0271] The internal interrupt is a software interrupt generated from the user program, i.e., the CPU, as illustrated in Fig. 26. The internal interrupt is generated by the execution of an INT command of a machine language.

[0272] Details of the function call (procedure call) are as follows.

[0273] An interrupt routine is formed of small functions, and a command name is defined for each function. By designating the command name together with the interrupt command INT from the user program, the target function can be fulfilled. This is referred to as the "function call (procedure call)". In this manner, the function call is performed through the internal interrupt (software interrupt).

[0274] In performing the function call, parameters for executing the interrupt routine are delivered by inputting the function call number in the register of the CPU, thereby designating the target function. The result is returned to the register or the memory, or the corresponding operation is performed.

[0275] For example, in executing code A within the user program shown in Fig. 27, the host CPU 810 designates the interrupt command INT and the command name "INT 21H", and the CPU of the SAM 105_1 accesses the memory area corresponding to the interrupt type "21H", and also accesses a command analyzer, thereby executing the sub-routine of the function 3.

[0276] The processing statuses of the CPU of the SAM 105_1 are discussed below with reference to Fig. 28.

[0277] There are five statuses of the CPU of the SAM 105_1, as illustrated in Fig. 28: a reset status ST1, an exception handling status ST2, a program execution status ST3, a bus-right release status ST4, and a low power status ST5.

[0278] Details of the individual statuses are as follows.

[0279] The reset status ST1 is a status in which the CPU is reset.

[0280] The exception handling status ST2 is a transitional status in which the CPU is shifting the processing status due to an external handling factor, such as resetting or interrupt processing. In performing interrupt processing, by referring to a stack pointer (SP), the count value of a program counter (PC) and the value of a status register (SR) are temporarily stored in a stack area. The address at which the interrupt routine is started is then extracted from the exception-handling vector table, and the routine is branched to the address, thereby starting the program. The status of the CPU is then shifted to the program execution status ST3.

[0281] The program execution status ST3 is a status in which the CPU is sequentially executing programs.

[0282] The bus-right release status ST4 is a status in which the CPU releases the bus to a device which has requested a bus right.

[0283] The low power status ST5 has three modes: a sleep mode, a standby mode, and a module standby mode.

(1) Sleep mode

The operation of the CPU is discontinued, but data stored in the internal register of the CPU, data in a built-in cache memory, and data in a built-in RAM are retained. The functions of built-in peripheral modules other than the CPU are still working. The sleep mode is released by resetting, any interrupt, or a direct memory access (DMA) address error, and is shifted to the program execution status ST3 via the exception handling status ST2.

(2) Standby mode

In the standby mode, the functions of the CPU, a built-in module, and an oscillator are completely stopped. Data of a built-in cache memory and data of a built-in RAM are not retained. The standby mode is released by resetting or an external non-maskable interrupt (NMI). After being released, the standby mode is shifted to the normal program status via the exception handling status ST2 after the lapse of a period required for stabilizing oscillations. In the standby mode, since the oscillator is stopped, power consumption is considerably reduced.

(3) Module standby mode

The supply of a clock to a built-in module, such as a DMA, is discontinued.

[0284] The relationship between the host CPU 810 and the SAM 105_1 is described below through a memory space with reference to Fig. 29.
[0285] Upon receiving an external interrupt through a user's operation on a button, as shown in Fig. 29, a CPU 810a of the host CPU 810 interrupts the execution of the user program, and designates the interrupt type so as to access the hardware interrupt area of the interrupt vector table. Then, the CPU 810a executes the interrupt routine stored in the accessed address. The interrupt routine describes the process for outputting a function call 1-1, 1-2, 2, or 3, which is the internal interrupt, to the SAM 105_1 so as to request the SAM 105_1 to execute the corresponding task, and for acquiring the execution result from the SAM 105_1 and then returning to the user program. More specifically, the CPU 810a writes information for specifying the task into an SRAM 1155, which forms part of a memory 105_1a within the SAM 105_1 and which serves as a common memory for the host CPU 810 and the SAM 105_1.

[0286] In outputting the internal interrupt to the SAM 105_1, the CPU 810a of the host CPU 810 turns on the task waiting flag of a second SAM status register 1156b within the SAM 105_1.

[0287] A CPU 1100 of the SAM 105_1 checks the second SAM status register 1156b and accesses the SRAM 1155 so as to specify the type of task requested by the host CPU 810, thereby executing the corresponding interrupt routine. The interrupt routine is executed by reading sub-routines, as stated above, which include, for example, mutual authentication with a recording medium, an A/V compression/decompression SAM, a media drive SAM, an IC card, and the EMD service center 102, mutual authentication between machines, and creating and checking of signature data.

[0288] The CPU 1100 of the SAM 105_1 stores the result of the interrupt routine (task result) in the SRAM 1155, and also turns on the task completion flag of a first SAM status register 1156a within the SAM 105_1.

[0289] After checking that the task completion flag of the first SAM status register 1156a is on, the host CPU 810 reads the task result from the SRAM 1155 and returns to the processing of the user program.
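
The hand-off described in paragraphs [0285] to [0289], as an added Python simulation that is not code from the patent. The register bit values, the task number 0x03, the dictionary keys used for the common memory, and the rule that the SAM copies the request into private state before acting on it are assumptions of this example.

```python
from enum import IntFlag


class SR1(IntFlag):
    """First SAM status register: set by the SAM, polled by the host."""
    WAITING = 0x1
    EXECUTING = 0x2
    COMPLETED = 0x4


class SR2(IntFlag):
    """Second SAM status register: set by the host, read by the SAM CPU."""
    NONE = 0x0
    TASK_REQUESTED = 0x1


def check_signature(arg: bytes) -> bytes:
    # Stand-in for a SAM sub-routine; the accepted value is constructed.
    return b"OK" if arg == b"constructed-valid-signature" else b"NG"


class Sam:
    TASKS = {0x03: check_signature}          # hypothetical task numbers

    def __init__(self, cycles_per_task: int = 3):
        self.sram = {}                       # common memory (SRAM 1155), host-visible
        self.sr1 = SR1.WAITING
        self.sr2 = SR2.NONE
        self._private_memory = {"K_MAC": bytes(16)}   # never exposed via sram/sr1/sr2
        self._cycles_per_task = cycles_per_task
        self._remaining = 0
        self._request = (None, None)

    def step(self) -> None:
        """One iteration of the SAM CPU's loop."""
        if self.sr1 == SR1.EXECUTING:
            self._remaining -= 1
            if self._remaining <= 0:
                self._finish()
        elif self.sr2 & SR2.TASK_REQUESTED:
            # Copy the request out of the common memory once, so the host
            # cannot change it between validation and execution.
            self._request = (self.sram.get("task"), self.sram.get("arg"))
            self.sr2 = SR2.NONE              # request consumed
            self.sr1 = SR1.EXECUTING
            self._remaining = self._cycles_per_task

    def _finish(self) -> None:
        task, arg = self._request
        routine = self.TASKS.get(task) if isinstance(task, int) else None
        # The common memory is host-controlled input: reject anything unexpected.
        if routine is None or not isinstance(arg, bytes):
            self.sram["result"] = {"ok": False, "data": b""}
        else:
            self.sram["result"] = {"ok": True, "data": routine(arg)}
        self.sr1 = SR1.COMPLETED


def host_call(sam: Sam, task: int, arg: bytes, max_polls: int = 16):
    """Host side: describe the task in SRAM, raise the request flag, poll SR1.

    Returns (result, number_of_polls); raises TimeoutError if the SAM stalls.
    """
    sam.sram["task"], sam.sram["arg"] = task, arg
    sam.sram.pop("result", None)             # drop any stale result
    sam.sr2 |= SR2.TASK_REQUESTED
    for polls in range(1, max_polls + 1):
        sam.step()    # simulation only: in hardware the SAM CPU runs on its own
        # COMPLETED counts only once the SAM has consumed this request.
        if sam.sr1 == SR1.COMPLETED and not (sam.sr2 & SR2.TASK_REQUESTED):
            return sam.sram["result"], polls
    raise TimeoutError("SAM did not complete the task")
```
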
[0290] The functions of the SAM 105_1 are as follows. It should be noted that the functions of the SAMs 105_2 through 105_4 are similar to those of the SAM 105_1.

[0291] The SAM 105_1 performs accounting processing for each content, and communicates with the EMD service center 102. The standards and version of the SAM 105_1 may be managed by the EMD service center 102. If it is desired by electric home appliance manufacturers that the SAM 105_1 be loaded in electric home appliances, the EMD service center 102 may license such manufacturers to use the SAM 105_1 as a black-box accounting module for performing accounting in units of contents. For example, the EMD service center 102 standardizes the I/O, such as the IC interface, of the SAM 105_1 without making it known to the manufacturers, and the SAM 105_1 is loaded in the network device 160_1 according to the standards. The SAMs 105_2 through 105_4 are loaded in the A/V machines 160_2 through 160_4, respectively.

[0292] The processing content of the SAM 105_1 is completely shielded from an external source and is thus protected from being externally monitored or tampered with. The SAM 105_1 is a function module which is implemented by executing a tamper-resistant hardware module (for example, an IC module) in which prestored data or currently processing data cannot be tampered with, or by executing software (private program) by the CPU.

[0293] If the functions of the SAM 105_1 are implemented by an IC, a private memory is disposed within the IC, and a private program and private data are stored in the private memory. If the functions of the SAM 105_1 are incorporated into part of a machine rather than being implemented by using a physical form, such as an IC, the portion incorporating the functions may be defined as a SAM.

[0294] In the example of the network device 160_1 shown in Fig. 22, the secure container 104 is output from the communication module 162 to the SAM 105_1, as indicated by the solid line. However, as indicated by the one-dot chain lines, the key file KF may be output from the communication module 162 to the SAM 105_1, and the content file CF may be directly written into the download memory 167 from the communication module 162 via a CPU bus.

[0295] The content data C may be output to the A/V compression/decompression SAM 163 directly from the download memory 167 by skipping the SAM 105_1.

[0296] The functions of the SAM 105_1 are specifically described below with reference to the functional block of Fig. 30.

[0297] Fig. 30 illustrates the data flow for receiving the secure container 104 from the content provider 101 and processing for decoding the key file KF within the secure container 104.

[0298] The SAM 105_1 includes, as shown in Fig. 30, a mutual authentication unit 170, encryption/decryption (decoding) units 171, 172, and 173, a content provider manager 180, a download memory manager 182, an A/V compression/decompression SAM manager 184, an EMD service center manager 185, a usage monitor 186, an accounting processor 187, a signature processor 189, a SAM manager 190, a storage unit 192, a medium SAM manager 197, a work memory 200, an external memory manager 811, and a CPU 1100.

[0299] The CPU 1100 receives the internal interrupt S810 from the host CPU 810 and controls the entire processing within the SAM 105_1.

[0300] The correlation of the components of the SAM 105_1 and the elements of the present invention is as follows. The content provider manager 180 and the download memory manager 182 correspond to input processing means, the accounting processor 187 corresponds to determining means, log data generation means, and UCS data generation means, the encryption/decryption (decoding) unit 172 corresponds to decoding means, and the usage monitor unit 186 corresponds to usage control status means. The encryption/decryption (decoding) unit 173 corresponds to encryption means. A medium drive SAM manager 855 shown in Fig. 45, which is discussed below, corresponds to recording control means. The signature processor 189 corresponds to signature processing means.

[0301] As discussed above, the individual functions of the SAM 105_1 are implemented by executing the private program by the CPU or by operating predetermined hardware. The hardware configuration of the SAM 105_1 is discussed below.

[0302] In the external memory 201 of the network device 160_1, as shown in Fig. 31, the usage log data 108 and the SAM registration list are stored.

[0303] The memory space of the external memory 201 is invisible from a source external to the SAM 105_1 (for example, the host CPU 810), and only the SAM 105_1 is allowed to manage access to the storage area of the external memory 201. As the external memory 201, a flash memory or a ferroelectric memory (FeRAM) may be used.

[0304] As the work memory 200, an SRAM may be used. The work memory 200 may include, as shown in Fig. 32, the content key data Kc, the UCP data 106, lock key data K_LOC of the storage unit 192, the public key certificate CER_CP of the content provider 101, the UCS data 166, and the SAM program download containers SDC_1 through SDC_3, which are stored in the secure container 104.

[0305] As one of the functions of the SAM 105_1, the processing executed by the functional blocks when the secure container 104 is received (downloaded) from the content provider 101 is described below with reference to Fig. 30. This processing is centrally controlled by the CPU 1100 which has received the internal interrupt S810 for downloading the content from the host CPU 810.

[0306] In sending and receiving data online by the SAM 105_1 with the content provider 101 and the EMD service center 102, the mutual authentication unit 170 performs mutual authentication with the content provider 101 and the EMD service center 102 to generate session key data (common key data) K_SES, and outputs it to the encryption/decryption (decoding) unit 171. The session key data K_SES is newly created every time mutual authentication is conducted.

[0307] The encryption/decryption (decoding) unit 171 encrypts and decrypts the data sent to and received from the content provider 101 and the EMD service center 102 by using the session key K_SES created by the mutual authentication unit 170.
[0308] If the download memory 167 shown in Fig. 22 is provided with a medium SAM 167a, as shown in Fig. 22, mutual authentication is performed between the mutual authentication unit 170 and the medium SAM 167a. Then, the download memory manager 182 encrypts the content by using the session key data K_SES obtained by mutual authentication, and writes the encrypted data into the download memory 167 shown in Fig. 22. As the download memory 167, a non-volatile semiconductor memory, such as a Memory Stick, may be used.

[0309] If a memory without a mutual authentication function, such as a hard disk drive (HDD), shown in Fig. 33, is used as a download memory 211, the download memory 211 is unsecured. Accordingly, the content file CF is downloaded into the download memory 211, and the highly secret key file KF is downloaded into, for example, the work memory 200 shown in Fig. 30 or the external memory 201 shown in Fig. 22.
[0310] In storing the key file KF in the external memory 201, the SAM 105_1 encrypts it by using message authentication code (MAC) key data K_MAC in the CBC mode and stores it in the external memory 201, and also stores part of the final block of the ciphertext in the SAM 105_1 as a MAC value. In reading the key file KF from the external memory 201 to the SAM 105_1, the read key file KF is decrypted with the MAC key data K_MAC, and then the resulting MAC value is compared with the stored MAC value, thereby verifying the integrity of the key file KF. In this case, instead of the MAC value, a hash value may be used.
[0311] The encryption/decryption (decoding) unit 172 decodes the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 within the key file KF stored in the secure container 104 received from the download memory manager 182 by using the license key data KD_1 through KD_3 of corresponding periods read from the storage unit 192.

[0312] The decoded content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 are written into the work memory 200.

[0313] The EMD service center manager 185 manages communication with the EMD service center 102 shown in Fig. 1.

[0314] The signature processor 189 verifies the integrity of the signature data within the secure container 104 by using the public key data K_ESC,P of the EMD service center 102 and the public key data K_CP,P of the content provider 101 read from the storage unit 192.

[0315] The storage unit 192 has the following data, as shown in Fig. 34, as private data protected from being read or written from outside the SAM 105_1: a plurality of license key data KD_1 through KD_3 having effective dates, a SAM_ID, a user ID, a password, an identifier HNG_ID of a home network group to which the SAM 105_1 belongs, an information reference ID, a SAM registration list, a revocation list of devices and recording media, storage key data K_STR, public key data K_R-CA,P of a route CA, public key data K_ESC,P of the EMD service center 102, source key data for mutual authentication with a driving SAM (when the common key cryptosystem is employed), a public key certificate of a driving SAM (when the private key cryptosystem is employed), private key data K_SAM1,S of the SAM 105_1 (when the common key cryptosystem is employed), a public key certificate CER_SAM1 in which the public key data K_SAM1,P of the SAM 105_1 is stored (when the private key cryptosystem is employed), signature data SIG_22 of a public key certificate CER_ESC obtained by using the private key data K_ESC,S of the EMD service center 102, source key data for mutual authentication with the A/V compression/decompression SAM 163 (when the common key cryptosystem is employed), source key data for mutual authentication with the medium SAM (when the common key cryptosystem is employed), public-key certificate data CER_MEDSAM of the medium SAM (when the public key cryptosystem is employed), the signal source which can be handled, the compression method, the display performance of a monitor to be connected, the format conversion function, the presence or absence of a bit stream recorder, rights processing (profit distribution) data, an ID of related entities which receive profits, etc.

[0316] In Fig. 34, the items of data having the symbol * marked at the left side are stored in the storage unit 192 when shipping the SAM 105_1, and the other items of data are stored in the storage unit 192 when user registration is performed after shipping the SAM 105_1.

[0317] A private program for implementing at least part of the functions shown in Fig. 30 is also stored in the storage unit 192.

[0318] As the storage unit 192, a flash-EEPROM may be used.

Processing to be executed when license key data is received

[0319] A description is now given, with reference to Figs. 33 and 35, of the process within the SAM 105_1 when storing the license key data KD_1 through KD_3 received from the EMD service center 102 in the storage unit 192.

[0320] Fig. 35 is a flow chart illustrating the process within the SAM 105_1 when storing the license key data KD_1 through KD_3 from the EMD service center 102 in the storage unit 192.

[0321] In step S35-0, the CPU 1100 of the SAM 105_1 receives the internal interrupt S810 indicating an instruction to receive the license key data from the host CPU 810.

[0322] In step S35-1, mutual authentication is performed between the mutual authentication unit 170 of the SAM 105_1 and the EMD service center 102.

[0323] Then, in step S35-2, the license key data KD_1 through KD_3 for three months and the corresponding signature data SIG_KD1,ESC through SIG_KD3,ESC encrypted with the session key data K_SES obtained by mutual authentication performed in step S35-1 are written from the EMD service center 102 to the work memory 200 via the EMD service center manager 185.

[0324] In step S35-3, the encryption/decryption (decoding) unit 171 decrypts the license key data KD_1 through KD_3 and the signature data SIG_KD1,ESC through SIG_KD3,ESC using the session key data K_SES.

[0325] Subsequently, in step S35-4, the signature processor 189 verifies the integrity of the signature data SIG_KD1,ESC through SIG_KD3,ESC stored in the work memory 200 and then writes the license key data KD_1 through KD_3 in the storage unit 192.

[0326] In step S35-5, the CPU 1100 reports the result of the processing for receiving the license key data to the host CPU 810 through an external interrupt.

[0327] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described receiving processing has been correctly performed, in which case, the host CPU 810 may read the flag by polling.

Processing to be executed when the secure container 104 is received from the content provider 101

[0328] A description is now given, with reference to Figs. 30 and 36, of the flow within the SAM 105_1 when receiving the secure container 104 from the content provider 101.

[0329] In the example described below, the content file CF is written into the download memory 167 via the SAM 105_1. In the present invention, however, the content file CF may be directly written into the download memory 167 without passing through the SAM 105_1.

[0330] Fig. 36 is a flow chart illustrating the process within the SAM 105_1 when receiving the secure container 104 from the content provider 101.

[0331] In the subsequent example, the SAM 105_1 verifies the various items of signature data when receiving the secure container 104. Alternatively, the signature data may be verified when the purchase/usage mode is determined.

[0332] In step S36-0, the CPU 1100 of the SAM 105_1 shown in Fig. 30 receives from the host CPU 810 the internal interrupt S810 indicating an instruction to receive the secure container 104.

[0333] In step S36-1, mutual authentication is conducted between the mutual authentication unit 170 of the SAM 105_1 and the content provider 101.
[0334] Then, in step S36-2, mutual authentication is performed between the mutual authentication unit 170 of the SAM 105_1 and the medium SAM 167a of the download memory 167.

[0335] In step S36-3, the secure container 104 received from the content provider 101 is written into the download memory 167. Simultaneously, the secure container 104 is encrypted in the mutual authentication unit 170 and is decrypted in the medium SAM 167a by using the session key data obtained in step S36-2.

[0336] Subsequently, in step S36-4, the SAM 105_1 decodes the secure container 104 with the use of the session key data obtained in step S36-1.

[0337] In step S36-5, after verifying the signature data SIG_1,ESC indicated by Fig. 3C, the signature processor 189 verifies the signature data SIG_6,CP and SIG_7,CP by using the public key data K_CP,P of the content provider 101 stored in the public-key certificate data CER_CP shown in Fig. 3C.

[0338] When the signature data SIG_6,CP is verified, the integrity of the creator and the sender of the content file CF is verified.

[0339] When the signature data SIG_7,CP is verified, the integrity of the sender of the key file KF is verified.
[0340] Thereafter, in step S36-6, the signature processor 189 checks the integrity of the signature data SIG_K1,ESC within the key file KF shown in Fig. 3B, i.e., the integrity of the creator of the key file KF, by using the public key data K_ESC,P read from the storage unit 192, and also checks whether the key file KF is registered in the EMD service center 102.

[0341] In step S36-7, the encryption/decryption (decoding) unit 172 decrypts (decodes) the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 within the key file KF shown in Fig. 3B by using the license key data KD_1 through KD_3 of corresponding periods read from the storage unit 192, and writes them into the work memory 200.

[0342] Then, in step S36-8, the CPU 1100 reports to the host CPU 810 through an external interrupt whether the secure container 104 has been correctly received. Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the secure container 104 has been appropriately received, and the host CPU 810 may read the flag by polling.
[0343] The processing performed by the individual functional blocks for purchasing and using the content data C downloaded into the download memory 167 is described below with reference to Fig. 37.

[0344] The processing of the functional blocks is centrally controlled by the CPU 1100 which receives the internal interrupt S810 from the host CPU 810.

[0345] The usage monitor 186 reads the UCP data 106 and the UCS data 166 from the work memory 200, and monitors the situation to make sure that the content is purchased and used within the license restricted by the UCP data 106 and the UCS data 166.

[0346] As stated with reference to Fig. 36, the UCP data 106 is stored in the key file KF in the work memory 200 after being decoded.

[0347] The UCS data 166 is stored in the work memory 200 when the purchase mode is determined by the user, as discussed below. The UCS data 166 includes the user ID who has purchased the content data C, the tracing information, etc., i.e., the same data as the UCP data 106 shown in Fig. 3B, except for the UCS information indicating the purchase mode determined in the purchase-mode determining processing.
[0348] In receiving the internal interrupt S810 indicating an instruction to determine the purchase mode or the usage mode of the content from the CPU 810 shown in Fig. 22, the accounting processor 187 creates the corresponding usage log data 108.

[0349] As stated above, the usage log data 108 indicates the history of the purchase and usage modes of the secure container 104 made by the user, and is used when performing the settlement processing and determining the license fee by the EMD service center 102 according to the purchase of the secure container 104.

[0350] The accounting processor 187 informs the user of the sales price or the SRP read from the work memory 200 if necessary. The sales price and the SRP are contained within the decoded UCP data 106 of the key file KF shown in Fig. 3B stored in the work memory 200.

[0351] The accounting processing by the accounting processor 187 is performed under the monitoring of the usage monitor 186 based on the rights, such as the license agreement conditions, represented by the UCP data 106, and the UCS data 166. That is, the user purchases and uses the content within the allowance of the rights.

[0352] The accounting processor 187 also creates, based on the internal interrupt S810, the UCS data 166 indicating the purchase mode of the content determined by the user, and writes it into the work memory 200.
[0353] In this embodiment, after the purchase mode is determined, the UCS data 166 is stored in the work memory 200. However, the UCS data 166 and the content key data Kc may be stored in the external memory 201. As the external memory 201, a flash memory, which is a non-volatile RAM, may be used, as stated above. In writing the UCS data 166 and the content key data Kc into the external memory 201, an integrity check is performed for verifying the integrity of the external memory 201, in which case, a storage area of the external memory 201 is divided into a plurality of blocks, and a hash value is determined for each block by using SHA-1 or MAC, and the determined hash values are managed in the SAM 105_1.
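
The block-wise check of paragraph [0353], which also covers the option in paragraph [0310] of keeping a reference value for externally stored data inside the SAM, as an added Python example that is not code from the patent. The 64-byte block size, the class and method names, the sample record, the use of HMAC with SHA-256 as the MAC, and the inclusion of the block index in the MAC input are assumptions of this example; the patent names only "SHA-1 or MAC".

```python
import hashlib  # supplies the digest that hmac selects by name
import hmac

BLOCK_SIZE = 64  # bytes per block; assumption, the page gives no size


class IntegrityError(Exception):
    def __init__(self, block_index: int):
        super().__init__(f"external memory block {block_index} failed its check")
        self.block_index = block_index


class ExternalMemory:
    """Untrusted storage outside the SAM; anything on the bus may rewrite it."""

    def __init__(self, n_blocks: int):
        self.n_blocks = n_blocks
        self.data = bytearray(n_blocks * BLOCK_SIZE)

    def read_block(self, i: int) -> bytes:
        return bytes(self.data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE])


class SamBlockGuard:
    """Per-block reference values held inside the SAM."""

    def __init__(self, mem: ExternalMemory, mac_key: bytes, digest: str = "sha256"):
        self._mem, self._key, self._digest = mem, mac_key, digest
        self._tags = [self._tag(i, mem.read_block(i)) for i in range(mem.n_blocks)]

    def _tag(self, i: int, block: bytes) -> bytes:
        # The index is part of the MAC input, so a tag is valid for one position only.
        return hmac.new(self._key, i.to_bytes(4, "big") + block, self._digest).digest()

    def _span(self, offset: int, length: int) -> range:
        if offset < 0 or length < 0 or offset + length > len(self._mem.data):
            raise ValueError("access outside external memory")
        if length == 0:
            return range(0)
        return range(offset // BLOCK_SIZE, (offset + length - 1) // BLOCK_SIZE + 1)

    def _verified_block(self, i: int) -> bytes:
        block = self._mem.read_block(i)      # read once, verify that same copy
        if not hmac.compare_digest(self._tag(i, block), self._tags[i]):
            raise IntegrityError(i)
        return block

    def store(self, offset: int, payload: bytes) -> None:
        span = self._span(offset, len(payload))
        for i in span:
            self._verified_block(i)          # never re-tag a block that already fails
        self._mem.data[offset:offset + len(payload)] = payload
        for i in span:
            self._tags[i] = self._tag(i, self._mem.read_block(i))

    def load(self, offset: int, length: int) -> bytes:
        span = self._span(offset, length)
        if not span:
            return b""
        verified = b"".join(self._verified_block(i) for i in span)
        start = offset - span.start * BLOCK_SIZE
        return verified[start:start + length]

    def audit(self) -> list:
        """Indices of all blocks whose content no longer matches the SAM's tag."""
        bad = []
        for i in range(self._mem.n_blocks):
            try:
                self._verified_block(i)
            except IntegrityError:
                bad.append(i)
        return bad
```

Because `store` verifies a block before re-tagging it, a partial overwrite cannot give a fresh tag to bytes that were altered while the data sat in external memory.
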

[0354] Instead of determining the purchase mode in the SAM 105_1, the secure container 104 may be transferred to another SAM, such as SAM 105_2 through 105_4, in which case, the UCS data 166 is not created.

[0355] The purchase modes of the content include, for example, "sell through" in which no restriction is imposed on playback operation by the purchaser and copying for the use of the purchaser, "time limited" in which the period of use is restricted, "pay per play" in which a charge is incurred every time the content is played back, "pay per SCMS" in which a charge is incurred every time the copied content is played back in a SCMS device, "sell through SCMS copy" in which copying in a SCMS device is allowed, and "pay per copy N without copy guard" in which a charge is incurred every time the content is played back without setting a copy guard.

[0356] The UCS data 166 is created when the user determines the purchase mode of the content, and is thereafter used for controlling so that the purchaser uses the content within the allowance of the determined purchase mode. The UCS data 166 includes the content ID, the purchase mode, the price according to the purchase mode, a SAM_ID of the SAM which has purchased the content, and a user_ID of the user who has purchased the content.

[0357] If the determined purchase mode is "pay per play", "pay per SCMS", or "pay per copy N without copy guard", upon purchasing the content data C, the SAM 105_1 may send the UCS data 166 to the content provider 101 in real time, and the content provider 101 may instruct the EMD service center 102 to fetch the usage log data 108 within a predetermined period.

[0358] If the determined purchase mode is "sell through", the UCS data 166 may be sent to both the content provider 101 and the EMD service center 102 in real time. Thus, in this embodiment, regardless of the purchase mode, the UCS data 166 is sent to the content provider 101 in real time.

[0359] The EMD service center manager 185 regularly sends the usage log data 108 read from the external memory 201 via the external memory manager 811 to the EMD service center 102.

[0360] In this case, the signature processor 189 creates the signature data SIG_200,SAM1 of the usage log data 108 by using the private key data K_SAM1,S, and the EMD service center manager 185 sends the signature data SIG_200,SAM1 together with the usage log data 108 to the EMD service center 102.

[0361] The EMD sen^ice center manager 185 may 
send the usage log data 1 08 regularly In response to a 
request from the EMD service center 1 02, or when his- 
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tory information in the usage log data 108 exceeds a 
predetermined amount. The amount of history informa- 
tion Is determined according to, for example, the storage 
capacity of the external memory 201 . 
[0362] When the CPU 1 1 00 receives the internal In- s 
terrupt S81 0 Indicating an Instruction to play back the 
content from the host CPU 810 shown in Fig. 22, the 
download memory manager 1 82 outputs the content da- 
ta C read from the download memory 1 67, the content 
key data Kc read from the work memory 200, and user io 
digital Infonnation data 196 input from the accounting 
processor 1 87 to the A/V compression/decompression 
SAIVI manager 184. 

[0363] Upon receiving the Internal interrupt S810 in- 
dicating an instruction to listening to the content for dem- is 
onstration, the down load-memory manager 1 82 outputs 
the contentf ile CF read from the download memory 1 67, 
the content key data Kc and partially disclosing param- 
eter data 1 99 read from thie work memory 200 to the A/ 
V compression/decompression SAM manager 1 84. 20 
[0364] The partially disclosing parameter data 1 99 Is 
described in the UCP data 106, and indicates the han- 
dling of the content In the demonstration mode. This en- 
ables the A/V compression/decompression SAIV1 163 to 
play back the encrypted content data C in a panlally dis- 25 
closing state based on the partially disclosing parameter 
data 199. As the partially disclosing techniques, the fol- 
lowing techniques are available. By utilizing the fact that 
the AA/ compression/decompression SAM 163 proc- 
esses data (signal) in units of predetenmined blocks, 30 
some blocks are decoded by using the content key data 
Kc, and some blocks are not decoded by using the con- 
tent key data Kc according to the partially disclosing pa- 
rameter data 1 99. Or, the playback functions in the dem- 
onstration mode are restricted, orthe period for listening 35 
to the content for demonstration is limited. 
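
The block-selective technique of [0364], sketched as an added example that is not part of the patent text: only the blocks permitted by the parameter data are decoded with Kc, the rest stay encrypted, and the listening period is capped. The SHA-256-derived pad standing in for the content cipher, the field names of the parameter data (period, disclosed, max_blocks), the 16-byte block size and the sample content are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

BLOCK_SIZE = 16  # assumed size of one processing block, in bytes


@dataclass(frozen=True)
class PartialDisclosureParams:
    """Hypothetical layout of the partially disclosing parameter data 199."""
    period: int      # length of the repeating window, in blocks
    disclosed: int   # leading blocks of each window that may be decoded
    max_blocks: int  # demonstration stops after this many blocks


def keystream(kc: bytes, index: int) -> bytes:
    """Stand-in cipher: a per-block pad derived from Kc and the block index."""
    return hashlib.sha256(kc + index.to_bytes(8, "big")).digest()[:BLOCK_SIZE]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def encrypt_content(kc: bytes, content: bytes) -> List[bytes]:
    """Provider side: split the content into blocks and encrypt each under Kc."""
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    return [xor(block, keystream(kc, i)) for i, block in enumerate(blocks)]


def demo_decode(kc: bytes, encrypted: List[bytes],
                params: PartialDisclosureParams) -> List[Tuple[int, bool, bytes]]:
    """Decoder side: apply Kc only where the parameter data allows it.

    Returns (block index, decoded?, data) tuples. Blocks outside the disclosed
    part of each window stay encrypted, and nothing past max_blocks is emitted.
    """
    if params.period < 1 or not 0 <= params.disclosed <= params.period:
        raise ValueError("inconsistent partial-disclosure parameters")
    if params.max_blocks < 0:
        raise ValueError("max_blocks must not be negative")
    out = []
    for i, block in enumerate(encrypted[:params.max_blocks]):
        if i % params.period < params.disclosed:
            out.append((i, True, xor(block, keystream(kc, i))))
        else:
            out.append((i, False, block))  # Kc is never applied to this block
    return out


def disclosed_fraction(decoded: List[Tuple[int, bool, bytes]], total_blocks: int) -> float:
    """Share of the whole content that left the decoder as plaintext."""
    return sum(1 for _, clear, _ in decoded if clear) / total_blocks


# Constructed sample: 256 bytes of content (16 blocks); the demonstration
# discloses 1 block in every 4 and ends after 8 blocks.
SAMPLE_KC = b"constructed-content-key"
SAMPLE_CONTENT = bytes(range(256))
SAMPLE_PARAMS = PartialDisclosureParams(period=4, disclosed=1, max_blocks=8)
SAMPLE_ENCRYPTED = encrypt_content(SAMPLE_KC, SAMPLE_CONTENT)
SAMPLE_DEMO = demo_decode(SAMPLE_KC, SAMPLE_ENCRYPTED, SAMPLE_PARAMS)
```

Measuring the disclosed fraction against the whole content, not just the emitted part, is what shows how much plaintext a demonstration policy actually releases.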

Processing for determining the purchase mode of the downloaded secure container

[0365] A description is now given, with reference to Figs. 37 and 38, of the process of the SAM 105_1 for determining the purchase mode of the secure container 104 downloaded from the content provider 101 to the download memory 167.

[0366] In the subsequent processing, in determining the purchase mode of the secure container 104, the signature data within the secure container 104 is not verified (as stated above, the signature data is verified when receiving the secure container 104). However, the signature data may be checked in determining the purchase mode.

[0367] Fig. 38 is a flow chart illustrating the process for determining the purchase mode of the secure container 104 downloaded from the content provider 101 to the download memory 167.

[0368] In step S38-0, the CPU 1100 of the SAM 105_1 shown in Fig. 37 receives from the host CPU 810 the internal interrupt S810 instructing the SAM 105_1 to determine the purchase mode of the content.

[0369] The CPU 1100 then determines in step S38-1 whether the internal interrupt S810 from the host CPU 810 indicates the demonstration mode, and if so, the CPU 1100 executes the processing of step S38-2. If not, the CPU 1100 executes the processing of step S38-5.

[0370] In step S38-2, the content key data Kc and the partially disclosing parameter data 199 read from the work memory 200 are output to the A/V compression/decompression SAM 163 shown in Fig. 22. Simultaneously, after performing mutual authentication between the mutual authentication unit 170 of the SAM 105_1 and a mutual authentication unit 220 of the A/V compression/decompression SAM 163, the content key data Kc and the partially disclosing parameter data 199 are encrypted and decrypted by using the session key data K_SES.

[0371] In step S38-3, upon receiving the internal interrupt S810 indicating the demonstration mode from the host CPU 810, the CPU 1100 outputs the content file CF stored in the download memory 167 to the A/V compression/decompression SAM 163 shown in Fig. 22 via the A/V compression/decompression SAM manager 184.

[0372] Simultaneously, mutual authentication for the content file CF is conducted between the mutual authentication unit 170 and the medium SAM 167a of the download memory 167, and the content file CF is encrypted and decoded with the session key data K_SES. Also, mutual authentication for the content file CF is performed between the mutual authentication unit 170 and the mutual authentication unit 220, and the content file CF is encrypted and decoded with the session key data K_SES.

[0373] The content file CF is decoded with the session key data K_SES in a decoder 221 of the A/V compression/decompression SAM 163 shown in Fig. 22, and is then output to a decoder 222.

[0374] Then, in step S38-4, the decoded partially disclosing parameter data 199 is output to a partially disclosing processor 225 of the A/V compression/decompression SAM 163, and the content data C is decoded in a partially disclosing state by the decoder 222 using the content key data Kc under the control of the partially disclosing processor 225.

[0375] The partially disclosed decoded content data C is decompressed in a decompression unit 223, and is output to a digital-watermark information processor 224.

[0376] In the digital-watermark information processor 224, the user digital information data 196 is embedded into the content data C, and then, the content data C is played back in the playback module 169 so as to output sound corresponding to the content data C.

[0377] The digital-watermark information processor 224 also detects the digital watermark information embedded in the content data C, and determines whether the processing should be discontinued based on the detection result.

[0378] In step S38-5, when the user determines the purchase mode by operating the operation unit 165, the internal interrupt S810 corresponding to the determined purchase mode is output from the host CPU 810 to the SAM 105_1.

[0379] Subsequently, in step S38-6, the accounting processor 187 of the SAM 105_1 creates the usage log data 108 and the UCS data 166 according to the determined purchase mode, and writes the usage log data 108 to the external memory 201 via the external memory manager 811 and also writes the UCS data 166 to the work memory 200.

[0380] Thereafter, the usage monitor 186 controls (monitors) the situation to make sure that the purchase and use of the content are controlled within the conditions allowed by the UCS data 166.

[0381] In step S38-7, a new key file KF_1 shown in Fig. 39C, which is discussed below, is created, and is stored in the download memory 167 or another memory via the download memory manager 182.

[0382] The UCS data 166 stored in the key file KF_1 is encrypted, as shown in Fig. 39C, with the storage key data K_STR and medium key data K_MED by utilizing the CBC mode of the DES.

[0383] The storage key data K_STR is data determined by the type of machine, such as a super audio compact disc (SACD) machine, a digital versatile disc (DVD) machine, a compact disc recordable (CD-R) machine, or a mini disc (MD) machine, and is used to associate one type of machine with one type of recording medium. The medium key data K_MED is data unique to the recording medium.

[0384] In step S38-8, in the signature processor 189, the hash value H_K1 of the key file KF_1 is created by using the private key data K_SAM1,S of the SAM 105_1, and is written into the work memory 200 in correspondence with the key file KF_1. The hash value H_K1 is used for verifying the integrity of the key file KF_1 and the identity of the creator of the key file KF_1.

[0385] In sending the content data C with the purchase mode determined online or via a recording medium, a secure container 104p is created, as illustrated in Figs. 39A through 39D, which stores the key file KF_1 and hash value H_K1 therefor, the content file CF and signature data SIG_6,CP therefor, the key file KF and signature data SIG_7,CP, the public-key certificate data CER_CP and signature data SIG_1,ESC therefor, and public-key certificate data CER_SAM1 and signature data SIG_22,ESC therefor.

[0386] As discussed above, upon determining the purchase mode of the secure container 104p, the UCS data 166 is created and is stored in the work memory 200. If the purchase mode of the same secure container 104p is re-determined in the SAM 105_1, the UCS data 166 stored in the work memory 200 is updated according to the external interrupt (operation signal) S165.

[0387] Then, in step S38-9, the CPU 1100 checks whether the above-described purchase-mode determining processing has been correctly executed, and reports the corresponding information to the host CPU 810 via an external interrupt.

[0388] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described purchase-mode determining processing has been correctly executed, in which case, the host CPU 810 reads the flag by polling.

Playback processing of content data

[0389] A description is given below, with reference to Fig. 40, of the process for playing back the content data C, for which the purchase mode is determined, stored in the download memory 167.

[0390] This processing is executed, assuming that the UCS data 166 is stored in the work memory 200 by the aforementioned purchase-mode determining processing.

[0391] In step S40-0, the CPU 1100 of the SAM 105_1 shown in Fig. 37 receives the internal interrupt S810 indicating an instruction to play back the content from the host CPU 810.

[0392] In step S40-1, the UCP data 166 is read from the work memory 200 to the usage monitor 186, and the usage monitor 186 interprets and verifies the playback conditions described in the UCP 166, and monitors the situation so that the subsequent playback operation is performed based on the UCP data 156.

[0393] Then, in step S40-2, mutual authentication is performed between the mutual authentication unit 170 shown in Fig. 37 and the mutual authentication unit 220 of the A/V compression/decompression SAM 163 shown in Fig. 22, and the session key data K_SES is shared therebetween.

[0394] In step S40-3, the playback conditions interpreted and verified in step S40-1 and the content key data Kc read from the work memory 200 are encrypted by using the session key data K_SES obtained in step S40-2, and are output to the A/V compression/decompression SAM 163.

[0395] Accordingly, the playback conditions and the content key data Kc are decoded with the session key data K_SES in the decoder 221 of the A/V compression/decompression SAM 163 shown in Fig. 22.

[0396] Subsequently, in step S40-4, the content file CF read from the download memory 167 is encrypted by using the session key data K_SES, and is then output to the A/V compression/decompression SAM 163.

[0397] Accordingly, the content file CF is decoded with the session key data K_SES in the decoder 221 of the A/V compression/decompression SAM 163. Subsequently, the content data C within the content file CF is decompressed in the decompression unit 223 of the A/V compression/decompression SAM 163, and the user digital watermark information is embedded into the decompressed content data C in the digital-watermark information processor 224. Then, the content data C is played back in the playback module 169.

[0398] In step S40-5, the UCS data 166 read in step S40-1 is updated if necessary, and the updated UCS data 166 is again written into the work memory 200. The usage log data 108 stored in the external memory 201 is updated or newly created.

[0399] The CPU 1100 then determines in step S40-6 whether the content playback processing has been correctly performed, and reports the result to the host CPU 810 through an external interrupt.

[0400] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the content playback processing has been correctly performed, and the host CPU 810 may read the flag by polling.

Processing to be executed when the UCS data 166 of one machine is utilized for re-purchasing the content in another machine

[0401] After determining the purchase mode of the content file CF downloaded into the download memory 167 of the network device 160_1, a new secure container 104x storing the content file CF is created, as shown in Fig. 41, and is transferred to the SAM 105_2 of the A/V machine 160_2 via the bus 191. The processing to be executed in the SAM 105_1 in the above-described operation is discussed below with reference to Figs. 42 and 43.

[0402] The processing shown in Fig. 43 is executed, assuming that the key file KF_1 and the hash value H_K1 shown in Fig. 44C are stored in the work memory 200 of the SAM 105_1 by the above-described purchase processing.

[0403] In step S43-1, according to the user's operation performed on the operation unit 165, the CPU 1100 of the SAM 105_1 shown in Fig. 42 receives the internal interrupt S810 indicating an instruction to transfer the secure container 104x, for which the purchase mode is determined, to the SAM 105_2. Accordingly, the accounting processor 187 updates the usage log data 108 stored in the external memory 201.

[0404] Then, in step S43-2, the SAM 105_1 checks the SAM registration list, which is discussed below, to verify whether the SAM 105_2, which is to receive the secure container 104x, is officially registered. If so, the SAM 105_1 performs the processing of step S43-3. The SAM 105_1 also determines whether the SAM 105_2 is a SAM within the home network.

[0405] In step S43-3, the mutual authentication unit 170 shares the session key data K_SES obtained after performing mutual authentication with the SAM 105_2.

[0406] In step S43-4, the SAM manager 190 reads the content file CF and the signature data SIG_6,CP shown in Fig. 39A from the download memory 211, and controls the signature processor 189 to accordingly create signature data SIG_41,SAM1 by using the private key data K_SAM1 of the SAM 105_1.

[0407] Then, in step S43-5, the SAM manager 190 reads the key file KF and the signature data SIG_7,CP shown in Fig. 39B from the download memory 211, and controls the signature processor 189 to accordingly create signature data SIG_42,SAM1 by using the private key data K_SAM1 of the SAM 105_1.

[0408] Thereafter, in step S43-6, the SAM manager 190 creates the secure container 104x shown in Figs. 44A, 44B, and 44C.

[0409] In step S43-7, the secure container 104x is encrypted with the session key data K_SES obtained in step S43-3 in the encryption/decryption (decoding) unit 171.

[0410] Subsequently, in step S43-8, the SAM manager 190 outputs the secure container 104x to the SAM 105_2 of the A/V machine 160_2 shown in Fig. 41. In this case, simultaneously with mutual authentication between the SAM 105_1 and the SAM 105_2, mutual authentication for the IEEE-1394 serial bus 191 is performed.

[0411] Then, in step S43-9, the CPU 1100 determines whether the secure container 104x, for which the purchase mode is determined, has been correctly transferred to the SAM 105_2, and reports the result to the host CPU 810 through an external interrupt.

[0412] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the secure container 104x has been correctly transferred to the SAM 105_2, and the host CPU 810 may read the flag by polling.

[0413] A description is now given, with reference to Figs. 45, 46, and 47, of the process executed within the SAM 105_2 when the secure container 104x shown in Figs. 44A through 44D received from the SAM 105_1 is written into the recording medium (RAM) 130_4 (Fig. 14), as illustrated in Fig. 41.

[0414] Figs. 46 and 47 are a flow chart illustrating the above-described process.

[0415] As shown in Figs. 14 and 41, the recording medium (RAM) 130_4 has the unsecured RAM area 134, the medium SAM 133, and the secure RAM area 132.

[0416] Referring to Fig. 46, in step S46-0, the CPU 1100 shown in Fig. 45 receives, from the host CPU 810 of the network device 160_2 shown in Fig. 41, the internal interrupt S810 indicating an instruction to receive the secure container 104x from the network device 160_1.

[0417] In step S46-1, the SAM 105_2 checks the SAM registration list to determine whether the SAM 105_1, which sends the secure container 104x, is officially registered. If so, the SAM 105_2 performs the processing of step S46-2. The SAM 105_2 also checks whether the SAM 105_1 is a SAM within the home network.

[0418] In response to the processing of the above-described step S43-3 shown in Fig. 43, the SAM 105_2 shares the session key K_SES acquired by performing mutual authentication with the SAM 105_1.

[0419] In step S46-3, the SAM manager 190 of the SAM 105_2 receives, as shown in Figs. 41 and 45, the secure container 104x from the SAM 105_1 of the network device 160_1.

[0420] In step S46-4, the encryption/decryption (decoding) unit 171 of the SAM 105_2 decodes the secure container 104x received via the SAM manager 190 by using the session key data K_SES obtained in step S46-2.

[0421] Then, in step S46-5, the content file CF within the secure container 104x decoded by the session key data K_SES undergoes processing in the medium drive SAM manager 855 shown in Fig. 45, such as sectorizing, adding a sector header, scrambling, error-correcting code (ECC) encoding, modulating, and synchronizing, and is then stored in the RAM area 134 of the recording medium (RAM) 130_4.

[0422] In step S46-6, the signature data SIG_6,CP and SIG_41,SAM1, the key file KF and the signature data SIG_7,CP and SIG_42,SAM1, the key file KF_1 and the hash value thereof H_K1, the public key signature data CER_CP and the signature data SIG_1,ESC therefor, and the public key signature data CER_SAM1 and the signature data SIG_22,ESC therefor within the secure container 104x, all of which are decoded with the session key data K_SES, are written into the work memory 200.

[0423] Subsequently, in step S46-7, the signature processor 189 verifies the integrity of the public-key certificate data CER_CP and CER_SAM1 by using the public key data K_CP,P read from the storage unit 192. The signature processor 189 also checks the integrity of the signature data SIG_6,CP by using the public key data K_CP,P stored in the public-key certificate data CER_SAM1 so as to verify the integrity of the creator of the content file CF. The signature processor 189 also checks the integrity of the signature data SIG_41,SAM1 by using the public key data K_SAM1,P stored in the public-key certificate data CER_SAM1 so as to verify the integrity of the sender of the content file CF.

[0424] In step S46-8, the signature processor 189 verifies the integrity of the signature data SIG_7,CP and SIG_42,SAM1 stored in the work memory 200 by using the public key data K_CP,P and K_SAM1,P so as to verify the sender of the key file KF.

[0425] Further, in step S46-9, the signature processor 189 checks the integrity of the signature data SIG_K1,ESC stored in the key file KF shown in Fig. 44B by using the public key data K_ESC,P read from the storage unit 192, thereby making it possible to verify the creator of the key file KF.

[0426] Referring to Fig. 47, in step S46-10, the signature processor 189 checks the integrity of the hash value H_K1 so as to verify the integrity of the creator and the sender of the key file KF_1.

[0427] In this example, the creator and the sender of the key file KF_1 are the same. However, if they are different, signature data for both the creator and the sender are created, and the signal processor 189 verifies the integrity of both the signature data.

[0428] In step S46-11, the usage monitor 186 controls the purchase and usage modes of the content data C by using the UCS data 166 stored in the key file KF_1 decoded in step S46-10.

[0429] In step S46-12, when the user determines the purchase mode by operating the operation unit 165, the CPU 1100 of the SAM 105_2 receives the corresponding internal interrupt S810.

[0430] In step S46-13, the accounting processor 187 updates the usage log data 108 stored in the external memory 201 under the control of the CPU 1100. The accounting processor 187 also updates the UCS data 166 every time the purchase mode of the content data is determined. In this case, the UCS data 166 of the sender SAM is discarded.

[0431] Then, in step S46-14, the encryption/decryption (decoding) unit 173 of the SAM 105_2 encrypts the UCS data 166 generated in step S46-12 by sequentially using the storage key data K_STR, the medium key data K_MED, and the purchase key data K_PIN read from the storage unit 192, and outputs the encrypted UCS data 166 to the medium drive SAM manager 855.

[0432] In step S46-15, the medium drive SAM manager 855 executes processing, such as sectorizing, adding a sector header, scrambling, ECC encoding, modulating, and synchronizing, on the key file KF_1 having the updated UCS data 166, and stores it in the secure RAM area 132 of the recording medium (RAM) 130_4.

[0433] The medium key data K_MED has already been stored in the storage unit 192 by mutual authentication between the mutual authentication unit 170 of the SAM 105_2 shown in Fig. 45 and the medium SAM 133 of the recording medium 130_4 shown in Fig. 41.

[0434] The storage key data K_STR is data determined by the type of machine (in this example, the A/V machine 160_2), such as a SACD machine, a DVD machine, a CD-R machine, or an MD machine, and is used to associate one type of machine with one type of recording medium. A SACD and a DVD have the same physical structure of a disk medium. Accordingly, data on a SACD can be recorded and played back by using a DVD machine, in which case, the storage key data K_STR serves the function of preventing illegal copying. In this embodiment, encryption with the use of the storage key data K_STR may not be performed.

[0435] The medium key data K_MED is data unique to the recording medium (in this example, the recording medium (RAM) 130_4).

[0436] The medium key data K_MED is stored in a storage medium (in this example, the storage medium (RAM) 130_4 shown in Fig. 41), and encryption and decryption are preferably performed by using the medium key data K_MED in the medium SAM of the recording medium in terms of security. In this case, if the recording medium is provided with a medium SAM, the medium key data K_MED is stored in the medium SAM, and if not, the medium key data K_MED is stored within the RAM area, i.e., an area (not shown) outside the control of the host CPU 810.

[0437] As in this embodiment, mutual authentication may be performed between the SAM 105_2 and the medium SAM (in this example, medium SAM 133), and then, the medium key data K_MED may be transferred to the SAM 105_2 via a secure communication path, and encryption and decryption may be performed in the SAM 105_2 by using the medium key data K_MED.

[0438] In this embodiment, the storage key data K_STR and the medium key data K_MED may be used for protecting the security of the physical layer of the recording medium.

[0439] The purchaser key data K_PIN is data indicating the purchaser of the content file CF, and if the content is purchased in the "sell through" mode, the purchaser key data K_PIN is assigned to the user from the EMD service center 102. The purchaser key data K_PIN is managed by the EMD service center 102.

[0440] In step S46-16, the key file KF is read from the work memory 200, and is written into the secure RAM area 132 of the recording medium (RAM) 130_4 by the medium drive SAM 260 shown in Fig. 41 via the medium drive SAM manager 855.

[0441] In step S46-17, the CPU 1100 of the SAM 105_2 reports the result of the processing for the received secure container 104x to the host CPU 810 through an external interrupt.

[0442] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described processing has been correctly performed, and the host CPU 810 may read the flag by polling.
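
The order of checks on the receiving SAM (steps S46-1, S46-7, S46-8 and S46-10 above), sketched as an added example that is not part of the patent text: the UCS-bearing key file KF_1 is released to the usage monitor only after the registration-list check and every creator and sender signature have passed. HMAC-SHA256 stands in for the public-key signatures so that the sketch runs on the standard library alone, the certificate checks and the SIG_K1,ESC check of step S46-9 are left out, and the field names, the assumption that each signature covers only the file bytes, and the sample keys are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, NamedTuple, Optional, Set, Tuple


def sign(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stand-in for a signature made with a private key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: Optional[bytes], data: bytes, signature: bytes) -> bool:
    """Constant-time check; a missing key always fails (fail closed)."""
    if not key:
        return False
    return hmac.compare_digest(sign(key, data), signature)


class Container(NamedTuple):
    sender_id: str        # identity of the sending SAM (hypothetical field)
    content_file: bytes   # CF
    sig_6_cp: bytes       # SIG_6,CP: creator's signature over CF
    sig_41_sam1: bytes    # SIG_41,SAM1: sender's signature over CF
    key_file: bytes       # KF
    sig_7_cp: bytes       # SIG_7,CP: content provider's signature over KF
    sig_42_sam1: bytes    # SIG_42,SAM1: sender's signature over KF
    key_file_1: bytes     # KF_1, which carries the UCS data
    h_k1: bytes           # H_K1, made by the SAM that created KF_1


def receive_container(c: Container, registered: Set[str],
                      keys: Dict[str, bytes]) -> Tuple[bool, str, Optional[bytes]]:
    """Run the checks in order and stop at the first failure.

    Returns (ok, failed check or "ok", KF_1). KF_1 is handed on only when
    every check has passed; on any failure the caller receives None.
    """
    cp, sam = keys.get("CP"), keys.get(c.sender_id)
    checks = [
        ("S46-1 registration list", lambda: c.sender_id in registered),
        ("S46-7 SIG_6,CP", lambda: verify(cp, c.content_file, c.sig_6_cp)),
        ("S46-7 SIG_41,SAM1", lambda: verify(sam, c.content_file, c.sig_41_sam1)),
        ("S46-8 SIG_7,CP", lambda: verify(cp, c.key_file, c.sig_7_cp)),
        ("S46-8 SIG_42,SAM1", lambda: verify(sam, c.key_file, c.sig_42_sam1)),
        ("S46-10 H_K1", lambda: verify(sam, c.key_file_1, c.h_k1)),
    ]
    for name, check in checks:
        if not check():
            return False, name, None
    return True, "ok", c.key_file_1


def build_sample() -> Tuple[Container, Set[str], Dict[str, bytes]]:
    """Constructed sample: one content provider and one registered sender."""
    keys = {"CP": b"constructed-cp-key", "SAM-1": b"constructed-sam1-key"}
    cf, kf, kf1 = b"content file CF", b"key file KF", b"KF_1: UCS data 166"
    container = Container(
        "SAM-1",
        cf, sign(keys["CP"], cf), sign(keys["SAM-1"], cf),
        kf, sign(keys["CP"], kf), sign(keys["SAM-1"], kf),
        kf1, sign(keys["SAM-1"], kf1),
    )
    return container, {"SAM-1"}, keys
```

The returned check name corresponds to what the SAM would report to the host CPU, whether through the external interrupt or the status-register flag.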
[0443] In the above-described embodiment, the key files KF and KF_1 are recorded on the secure RAM area 132 of the recording medium (RAM) 130_4 via the medium drive SAM 260. However, the key files KF and KF_1 may be recorded on the medium SAM 133 from the SAM 105_2, as indicated by the one-dot chain line in Fig. 41.

[0444] In the aforementioned embodiment, the secure container 104x is sent from the SAM 105_1 to the SAM 105_2. However, the content file CF and the UCP data 106 may be sent from the network device 160_1 to the A/V machine 160_2 under the control of the host CPUs of the network device 160_1 and the A/V machine 160_2. In this case, the UCS data 166 and the content key data Kc are sent from the SAM 105_1 to the SAM 105_2.

[0445] As a modification to the above-described embodiment, the purchase mode is determined in the SAM 105_1, and the SAM 105_2 uses the UCS data 166 without determining the purchase mode. In this case, the usage log data 108 is created only in the SAM 105_1, but not in the SAM 105_2.

[0446] In purchasing the content data C, for example, an album consisting of a plurality of content data C may be purchased. In this case, the plurality of content data C may be provided by different content providers 101 (in the second embodiment, which is described below, the plurality of content data C may be provided by different service providers 310). Alternatively, part of the content data C forming an album may be initially purchased, and later, the remaining content data C may be gradually purchased. As a result, the whole album is purchased.

[0447] Fig. 48 illustrates examples of various purchase modes of the content data C.

[0448] The network device 160_1 purchases the content data C which has been received from the content provider 101 by using the UCP data 106, and generates UCS data 166a.

[0449] Similarly, the A/V machine 160_2 purchases the content data C which has been received from the content provider 101 to the network device 160_1 by using the UCP data 106, and generates UCS data 166b.

[0450] The A/V machine 160_3 copies the content data C purchased by the A/V machine 160_2, and determines the usage mode by using the UCS data 166b created in the A/V machine 160_2. As a result, UCS data 166c is generated in the A/V machine 160_3. The A/V machine 160_3 also creates usage log data 108b from the UCS data 166c.

[0451] The network device 160_4 receives the content data C which has been received from the content provider 101 to the network device 160_1 and for which the purchase mode has been determined in the network device 160_1, and then determines the purchase mode by using the UCS data 166 created by the network device 160_1. As a result, the UCS data 166a is generated in the A/V machine 160_4, and usage log data 108a is also created from the UCS data 166a.

[0452] The UCS data 166a, 166b, and 166c are respectively encrypted in the A/V machines 160_4, 160_2, and 160_3 by using the storage key data K_STR unique to the machine and the medium key data K_MED unique to the recording medium, and are recorded on the corresponding recording media.

[0453] In this embodiment, the user pays for licensing rights for the content data C rather than for property rights. The copying of the content data contributes to promotion of the content, and also satisfies the demands of the right holders of the content data in view of expediting the sale.

Processing for determining the purchase mode of content data on a recording medium (ROM)

[0454] As shown in Fig. 49, the recording medium (ROM) 130_1 shown in Fig. 11 which stores the content and for which the purchase mode is still undetermined is distributed offline to the A/V machine 160_2 via a user home network 103, and the A/V machine 160_2 determines the purchase mode. This processing is discussed below with reference to Figs. 50 and 51.

[0455] Referring to Fig. 51, in step S51-0, according to the user's operation performed on the operation unit 165, the CPU 1100 of the SAM 105_2 shown in Fig. 50 receives the internal interrupt S810 indicating an instruction to determine the purchase mode of the content distributed via a recording medium (ROM).

[0456] In step S51-1, after performing mutual authentication between the mutual authentication unit 170 shown in Fig. 50 and the medium SAM 133 of the recording medium (ROM) 130_1 shown in Fig. 11, the SAM 105_2 receives the medium key data K_MED from the medium SAM 133. If the SAM 105_2 already has the medium key data K_MED stored therein, it is not necessary to receive the medium key data K_MED.

[0457] Then, in step S51-2, the key file KF and the signature data SIG_7,CP therefor, and the public-key certificate data CER_CP and the signature data SIG_1,ESC therefor, which are shown in Figs. 3B and 3C, stored in the secure container 104 recorded on the secure RAM area 132 of the recording medium (ROM) 130_1, are written into the work memory 200 via the medium drive SAM manager 855.

[0458] In step S51-3, after verifying the integrity of the signature data SIG_1,ESC, the signature processor 189 extracts the public key data K_CP,P from the public-key certificate data CER_CP, and verifies the integrity of the signature data SIG_7,CP, i.e., the sender of the key file KF, by using the public key data K_CP,P.

[0459] The signature processor 189 also verifies the integrity of the signature data SIG_K1,ESC stored in the key file KF, i.e., the creator of the key file KF, by using the public key data K_ESC,P read from the storage unit 192.

[0460] Subsequently, in step S51-4, after verifying the integrity of the signature data SIG_7,CP and SIG_K1,ESC in the signature processor 189, the key file KF is read from the work memory 200 and written into the encryption/decryption (decoding) unit 172.

[0461] Then, the encryption/decryption (decoding) unit 172 decrypts (decodes) the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 stored in the key file KF by using the license key data KD_1 through KD_3 of corresponding periods, and writes them into the work memory 200.

[0462] In step S51-5, after conducting mutual authentication between the mutual authentication unit 170 shown in Fig. 50 and the A/V compression/decompression SAM 163 shown in Fig. 49, the A/V compression/decompression SAM manager 184 of the SAM 105_2 outputs the content key data Kc stored in the work memory 200, the partially disclosing parameter data 199 stored in the UCP data 106, and the content data C stored in the content file CF read from the ROM area 131 of the recording medium (ROM) 130_1 to the A/V compression/decompression SAM 163 shown in Fig. 49.

[0463] Then, the A/V compression/decompression SAM 163 decodes and decompresses the content data C in the partially disclosing mode by using the content key data Kc, and outputs it to the playback module 270. The content data C is then played back in the playback module 270.

[0464] Thereafter, in step S51-6, the purchase mode of the content is determined according to the user's operation of the operation unit 165 shown in Fig. 49, and the internal interrupt S810 indicating the determined purchase mode is output to the CPU 1100 of the SAM 105_2.

[0465] In step S51-7, the accounting processor 187 creates the UCS data 166 according to the operation signal S165 and writes it into the work memory 200.

[0466] In step S51-8, the content key data Kc and the UCS data 166 are output from the work memory 200 to the encryption/decryption (decoding) unit 173.

[0467] The encryption/decryption (decoding) unit 173 then sequentially encrypts the content key data Kc and the UCS data 166 by using the storage key data K_STR, the medium key data K_MED, and the purchaser key data K_PIN read from the storage unit 192, and writes them into the work memory 200.

[0468] In step S51-9, the medium SAM manager 197 creates the key file KF_1 shown in Fig. 44C from the encrypted content key data Kc, the UCS data 166, and the SAM program download containers SDC_1 through SDC_3 read from the work memory 200.

[0469] In the signature processor 189, the hash value H_K1 of the key file KF_1 shown in Fig. 44C is created, and is output to the medium drive SAM manager 855.

[0470] After conducting mutual authentication between the mutual authentication unit 170 shown in Fig. 50 and the medium SAM 133 shown in Fig. 49, the medium drive SAM manager 855 writes the key file KF_1 and the hash value H_K1 to the secure RAM area 132 of the recording medium (ROM) 130_1 via the medium drive SAM 260 shown in Fig. 49. As a result, the recording medium 130_1, for which the purchase mode is determined, is obtained.

[0471] Simultaneously, the UCS data 166 and the usage log data 108 created by the accounting processor 187 are appropriately sent from the work memory 200 and the external memory 201, respectively, to the EMD service center 102.

[0472] If the key file KF is stored in the medium SAM 133 of the recording medium (ROM) 130_1, the SAM 105_2 receives the created key file KF_1 from the medium SAM 133, as indicated by the one-dot chain line in Fig. 49. In this case, the SAM 105_2 writes the created key file KF_1 into the medium SAM 133.

[0473] In step S51-10, the CPU 1100 of the SAM 105_2 determines whether the processing for determining the purchase mode of the content distributed via the above-described recording medium (ROM) has been correctly performed, and reports the result to the host CPU 810 through an external interrupt.

[0474] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described processing has been correctly performed, and the host CPU 810 may read the flag by polling.

Processing for writing content data into a recording medium (RAM) after the purchase mode of the content data in a recording medium (ROM) has been determined

[0475] As shown in Fig. 52, the secure container 104, for which the purchase mode is still undetermined, is read from the recording medium (ROM) 130_1, and a new secure container 104y is created in the A/V machine 160_3 and is transferred to the A/V machine 160_2. The purchase mode of the secure container 104y is determined in the A/V machine 160_2, and the secure container 104y is written into the recording medium (RAM) 130_5. The flow of this process is described below with reference to Figs. 53, 54, and 55.

[0476] It should be noted that the transfer of the secure container 104y from the recording medium (ROM) 130_1 to the recording medium (RAM) 130_5 may be performed among any of the network device 160_1 and the A/V machines 160_2 through 160_4 shown in Fig. 1.

[0477] Referring to the flow chart of Fig. 55, in step S55-0, according to the user's operation performed on the operation unit 165, the CPU 1100 shown in Fig. 53 receives the internal interrupt S810 indicating an instruction to transfer the secure container 104, for which the purchase mode is still undetermined, read from the recording medium (ROM) 130_1 to the SAM 105_2.

[0478] In step S55-1, the SAM 105_3 checks the SAM registration list so as to determine whether the SAM 105_2, which is to receive the secure container, is officially registered. If so, the SAM 105_3 performs processing of step S55-2. The SAM 105_3 also checks whether the SAM 105_2 is a SAM within the home network.

[0479] Then, in step S55-2, mutual authentication is performed between the SAM 105_3 and the SAM 105_2 so as to share the session key data K_SES.

[0480] In step S55-3, mutual authentication is conducted between the SAM 105_3 of the A/V machine 160_3 and the medium SAM 133_1 of the recording medium (ROM) 130_1, and the medium key data K_MED1 of the recording medium 130_1 is transferred to the SAM 105_3.

[0481] If encryption using the medium key data K_MED1 is performed in the medium SAM 133_1 of the recording medium (ROM) 130_1, the medium key data K_MED1 is not transferred to the SAM 105_3.

[0482] Then, in step S55-4, mutual authentication is performed between the SAM 105_2 of the A/V machine 160_2 and the medium SAM 133_5 of the recording medium (RAM) 130_5, and the medium key data K_MED2 of the recording medium 130_5 is transferred to the SAM 105_2.

[0483] If encryption using the medium key data K_MED2 is performed in the medium SAM 133_5 of the recording medium (RAM) 130_5, the medium key data K_MED2 is not transferred to the SAM 105_2.

[0484] In step S55-5, as shown in Fig. 53, the SAM 105_3 reads the content file CF and the signature data SIG_6,CP from the ROM area 131 of the recording medium (ROM) 130_1 via the medium drive SAM manager 855, and outputs them to the SAM manager 190 and also controls the signature processor 189 to create the signature data SIG_350,SAM3 using the private key data K_SAM3,S.

[0485] In step S55-6, as shown in Fig. 53, the SAM 105_3 reads the key file KF and the signature data SIG_7,CP from the secure RAM area 132 of the recording medium (ROM) 130_1 via the medium drive SAM manager 855, and outputs them to the SAM manager 190 and also controls the signature processor 189 to create the signature data SIG_352,SAM3 by using the private key data K_SAM3,S.

[0486] Then, in step S55-7, in the SAM 105_3, the public-key certificate data CER_SAM3 and the signature data SIG_351,ESC are read from the storage unit 192 to the SAM manager 190.

[0487] In step S55-8, the secure container 104y shown in Figs. 54A through 54D is created in, for example, the SAM manager 190 of the SAM 105_3.

[0488] In step S55-9, the encryption/decryption (decoding) unit 171 of the SAM 105_3 encrypts the secure container 104y by using the session key data K_SES obtained in step S55-2.

[0489] Thereafter, in step S55-10, the secure container 104y is sent from the SAM manager 190 of the SAM 105_3 to the A/V machine 160_2.

[0490] Then, the CPU 1100 of the SAM 105_3 determines whether the above-described processing has been properly performed, and reports the result to the host CPU 810 through an external interrupt.

[0491] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described processing has been properly executed, and the host CPU 810 may read the flag by polling.

[0492] In the SAM 105_2, under the control of the CPU 1100 according to the internal interrupt S810 from the host CPU 810, as shown in Fig. 57, the secure container 104y shown in Figs. 54A through 54D input from the SAM 105_3 via the SAM manager 190 is decoded in the encryption/decryption (decoding) unit 171 by using the session key data K_SES.

[0493] Then, in step S55-11, the key file KF and the signature data SIG_7,CP and SIG_350,SAM3, the public-key certificate data CER_SAM3 and the signature data SIG_351,ESC, and the public-key certificate data CER_CP and the signature data SIG_1,ESC within the secure container 104y are written into the work memory 200.

[0494] In step S55-12, the signature processor 189 of the SAM 105_2 verifies the signature data SIG_6,CP and SIG_350,SAM3 stored in the secure container 104y, i.e., the integrity of the creator and the sender of the content file CF.

[0495] Then, in step S55-13, the content file CF is written into the RAM area 134 of the recording medium (RAM) 130_5 via the medium drive SAM manager 855. The content file CF may be directly written into the RAM area 134 of the recording medium (RAM) 130_5 without the SAM 105_2 under the control of the host CPU 810.

[0496] Subsequently, in step S55-14, the signature processor 189 checks the signature of the signature data SIG_351,ESC so as to verify the integrity of the public-key certificate data CER_SAM3, and then verifies the integrity of the signature data SIG_7,CP, SIG_352,SAM3, and SIG_K1,ESC, i.e., the integrity of the creator and the sender of the key file KF, by using the public key data K_SAM3,P and the public key data K_ESC,P stored in the public-key certificate data CER_SAM3.

[0497] Thereafter, in step S55-15, the key file KF is read from the work memory 200 into the encryption/decryption (decoding) unit 172, and is decoded with the license key data KD_1 through KD_3 and is again written into the work memory 200.

[0498] In step S55-16, the UCP data 106 of the decoded key file KF stored in the work memory 200 is output to the usage monitor 186. Then, the purchase mode and the usage mode are managed (monitored) in the usage monitor 186 based on the UCP data 106.

[0499] In step S55-17, by the user's operation on the operation unit 165 shown in Fig. 52, the purchase and usage modes of the content are determined, and the corresponding internal interrupt S810 is output to the CPU 1100 of the SAM 105_2.

[0500] In step S55-18, the UCS data 166 and the usage log data 108 are created in the accounting processor 187 based on the determined purchase and usage modes, and are written into the work memory 200 and the external memory 201, respectively. The UCS data 166 and the usage log data 108 are appropriately sent to the EMD service center 102.

[0501] Then, in step S55-19, the content key Kc and the UCS data 166 are read from the work memory 200 into the encryption/decryption (decoding) unit 173, and are sequentially encrypted by using the storage key data K_STR, the medium key data K_MED2, and the purchaser key data K_PIN, read from the storage unit 192. The encrypted data are then output to the medium SAM manager 197. The key file KF is also output from the work memory 200 to the medium SAM manager 197.

[0502] In step S55-20, the key file KF_1 shown in Fig. 44C is generated in the medium SAM manager 197, and is written into the medium SAM 133_5 of the recording medium (RAM) 130_5 via the medium SAM manager 197. The key file KF is also written into the medium SAM 133_5 of the recording medium (RAM) 130_5 via the medium SAM manager 197.

[0503] In step S55-21, the CPU 1100 of the SAM 105_2 determines whether the above-described processing has been precisely performed, and reports the result to the host CPU 810 through an external interrupt.

[0504] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the aforementioned processing has been accurately performed, and the host CPU 810 may read the flag by polling.

[0505] The implementation method of the SAMs 105_1 through 105_4 is as follows.

[0506] In implementing the functions of the SAMs 105_1 through 105_4 as hardware, an application-specific IC (ASIC)-type CPU having a built-in memory is used, and a security function module, a program module for performing content rights processing, and highly secret data, such as key data, are stored in the memory to implement the functions shown in Fig. 30. A series of rights processing program modules, such as an encryption library module (public key encryption, common key encryption, a random-number generator, hash functions), a program module for restricting the use of the contents, an accounting program module, etc. are implemented as, for example, software.

[0507] For example, a module, such as the encryption/decryption (decoding) unit 171, is implemented as an IP core within an ASIC-type CPU as hardware in view of the processing rate. In terms of the performance, such as the clock rate or the CPU code system, the encryption/decryption (decoding) unit 171 may be implemented as software.

[0508] As the storage unit 192 and a memory for storing program modules and data for implementing the functions shown in Fig. 30, a non-volatile memory (flash ROM) may be used, and a fast memory, such as an SRAM, may be used as the work memory. Or, a FeRAM may be employed as a memory integrated in the SAMs 105_1 through 105_4.

[0509] The SAMs 105_1 through 105_4 also have a built-in timing function for checking the time and date required to verify the effective period and contracting period for the usage of the content.

[0510] As stated above, the SAMs 105_1 through 105_4 have a high tamper-resistance structure in which the program modules, the data, and the processing contents are shielded from an external source. Each SAM sets an address space which is invisible from the corresponding host CPU by using a memory management unit (MMU) for managing the memory address of the host CPU. With this arrangement, highly private programs and the contents of data stored in the memory of the IC of each SAM, a group of registers relating to the system configuration of the SAM, an encryption library, and a group of registers of clocks can be protected from being read or written via a host CPU bus. That is, the above-described data and programs of each SAM are protected from being in the address space assigned by the host CPU.

[0511] The SAMs 105_1 through 105_4 are also resistant to physical attacks from an external source, such as X rays and heat. Additionally, even if real time debugging (reverse engineering) is performed by using a debugging tool (hardware in-circuit emulator (ICE) or software ICE), the processing content is invisible, or the debugging tool itself becomes unusable after manufacturing the IC.

[0512] In terms of the hardware structure, the SAMs 105_1 through 105_4 are regular ASIC-type CPUs having a built-in memory, and the functions of the SAMs 105_1 through 105_4 are dependent on the software which operates the CPU. However, the SAMs 105_1 through 105_4 are different from regular ASIC-type CPUs in that they have a hardware structure provided with an encryption function and tamper resistance.

[0513] On the other hand, there are two approaches to implement all the functions of the SAMs 105_1 through 105_4 as software. One approach is to perform software processing within a totally shielded module having high tamper resistance. The other approach is to perform software processing in a host CPU installed in an ordinary machine, but in which the software processing is very difficult to decode. In the first approach, the encryption library module is stored in the memory as a regular software module rather than an intellectual property (IP) core, namely, it can be considered to be implemented as hardware. On the other hand, according to the second approach, tamper-resistant software is used, and even if the execution content is decoded by an ICE (debugger), the execution order of the tasks may be meaningless (in this case, the tasks are partitioned so that the single task is meaningful as a program so as not to influence the preceding and following tasks), or the tasks themselves may be encrypted. That is, the functions are implemented as a task scheduler (MiniOS) for enhancing the security. The task scheduler provided is embedded in a target program.

[0514] Details of the A/V compression/decompression SAM 163 shown in Fig. 22 are given below.

[0515] The A/V compression/decompression SAM 163 includes, as shown in Fig. 22, the mutual authentication unit 220, the decoders 221 and 222, the decompression unit 223, the digital-watermark information processor 224, and a partially disclosing processor 225.

[0516] The mutual authentication unit 220 performs mutual authentication with the mutual authentication unit 170 of the SAM 105_1 shown in Fig. 30 when the A/V compression/decompression SAM 163 receives data from the SAM 105_1, and generates the session key data K_SES.

[0517] The decoder 221 decodes the content key data Kc, the partially disclosing parameter 199, the user digital watermark information data 196, and the content data C received from the SAM 105_1 by using the session key data K_SES. The decoder 221 then outputs the decoded content key data Kc and the content data C to the decoder 222, and outputs the decoded user digital watermark information data 196 to the digital-watermark information processor 224, and also outputs the partially disclosing parameter 199 to the partially disclosing processor 225.

[0518] The decoder 222 decodes the content data C in the partially disclosing state by using the content key data Kc under the control of the partially disclosing processor 225, and outputs the decoded content data C to the decompression unit 223. The decoder 222 also decodes the whole content data C with the content key data Kc in the normal operating mode, i.e., the mode other than the partially disclosing mode.

[0519] The decompression unit 223 decompresses the decoded content data C and outputs it to the digital-watermark information processor 224. The decompression unit 223 decompresses the content data C by using, for example, the A/V decompression software stored in the content file CF shown in Fig. 3A, according to, for example, the ATRAC3 method.

[0520] The digital-watermark information processor 224 embeds the user digital watermark information according to the decoded user digital watermark information data 196 into the decoded content data C so as to create new content data C. The digital-watermark information processor 224 then outputs the newly created content data C to the playback module 169.

[0521] In this manner, the user digital watermark information is embedded into the content data C by the A/V compression/decompression SAM 163 when reproducing the content data C.

[0522] In the present invention, it may be determined that the user digital watermark information data 196 is not embedded into the content data C.

[0523] The partially disclosing processor 225 informs the decoder 222, based on the partially disclosing parameter 199, which blocks are to be decoded and which blocks are not to be decoded. The partially disclosing processor 225 may control the partially disclosing mode by, for example, restricting the playback functions for demonstration or limiting the period for listening to the content for demonstration.

[0524] The playback module 169 performs the playback operation according to the decoded and decompressed content data C.

[0525] Processing for registering the SAMs 105_1 through 105_4 in the EMD service center 102 when they are shipped is as follows. The same registration processing is performed in the SAMs 105_1 through 105_4, and thus, only the registration of the SAM 105_1 is discussed below.

[0526] When shipping the SAM 105_1, the following key data is registered in the storage unit 192 shown in Fig. 30 via a SAM manager 149 by a key server 141 of the EMD service center 102.

[0527] When the SAM 105_1 is shipped, for example, a program used for the initial access by the SAM 105_1 to the EMD service center 102 is also stored in the storage unit 192.

[0528] More specifically, the SAM 105_1 stores in initial registration, for example, the identifier SAM_ID of the SAM 105_1, the storage key data K_STR, the public key data K_R-CA of the root certifying authority 92, the public key data K_ESC,P of the EMD service center 102, the private key data K_SAM1,S of the SAM 105_1, the public-key certificate data CER_SAM1 and the signature data therefor SIGjg.Esc, and the source key data for creating the authentication key data between the A/V compression/decompression SAM 163 and the medium SAM, all of which have the symbol "*" attached on the left side of the data, as shown in Fig. 34.

[0529] The public-key certificate data CER_SAM1 may be sent from the EMD service center 102 to the SAM 105_1 when the SAM 105_1 is registered after being shipped.

EP 1 130 492 A2

[0530] In shipping the SAM 105_1, the file reader designating the reading format of the content file CF and the key file KF respectively shown in Figs. 3A and 3B is written into the storage unit 192 by the EMD service center 102. Then, in the SAM 105_1, the file reader stored in the storage unit 192 is used when reading the data stored in the content file CF and the key file KF.

[0531] The public key data K_R-CA of the root certifying authority 92 uses the Rivest-Shamir-Adleman (RSA) algorithm, which is often used in electronic commerce on the Internet, and the data length is, for example, 1024 bits. The public key data K_R-CA is issued by the root certifying authority 92 illustrated in Fig. 1.
[0532] The public key data K_ESC,P of the EMD service center 102 is generated by the elliptic curve cryptosystem, whose encryption strength is comparable to or higher than the RSA, and the data length is only, for example, 160 bits. However, considering the encryption strength, the public key data K_ESC,P desirably has 192 bits or greater. The EMD service center 102 registers the public key data K_ESC,P in the root certifying authority 92.

[0533] The root certifying authority 92 creates the public-key certificate data CER_ESC of the public key data K_ESC,P. The public-key certificate data CER_ESC storing the public key data K_ESC,P is stored in the storage unit 192 preferably when shipping the SAM 105_1. In this case, the public-key certificate data CER_ESC is signed with the private key data K_ROOT,S of the root certifying authority 92.

[0534] The EMD service center 102 generates a random number so as to create the private key data K_SAM1,S of the SAM 105_1 and also creates the public key data K_SAM1,P to form a pair with the private key data K_SAM1,S.

[0535] The EMD service center 102 also acquires a certificate from the root certifying authority 92 so as to issue the public-key certificate data CER_SAM1 of the public key data K_SAM1,P, and attaches signature data with the private key data K_ESC,S of the EMD service center 102. That is, the EMD service center 102 serves as a second certifying authority.

[0536] The unique identifier SAM_ID is assigned to the SAM 105_1 from the EMD service center 102 under the control of the EMD service center 102. The unique identifier SAM_ID is stored in the storage unit 192 and is also managed by the EMD service center 102.

[0537] After being shipped, the SAM 105_1 is connected to the EMD service center 102 by, for example, a user, and is registered. Then, the license key data KD_1 through KD_3 are transferred from the EMD service center 102 to the storage unit 192.

[0538] That is, the user of the SAM 105_1 is required to register in the EMD service center 102 before downloading the content. This registration is performed offline, such as by mail, with a registration sheet attached to the machine (in this example, the network device 160_1) on which the SAM 105_1 is loaded by filling in information for specifying the user (user name, address, contact telephone number, gender, settlement account, login name, password, etc.). Until the above-described registration has been conducted, the user is unable to use the SAM 105_1.

[0539] The EMD service center 102 issues an identifier USER_ID unique to the user according to the user's registration, and manages the relationship between the SAM_ID and the USER_ID, which is used for settling the account.

[0540] The EMD service center 102 also assigns an information reference identifier ID and a password, which is for initial use of the user of the SAM 105_1, and reports them to the user. The user makes a query to the EMD service center 102 about, for example, the current usage situation of the content data (usage log) by using the information reference identifier ID and the password.

[0541] The EMD service center 102 makes a query to, for example, a credit card company to check the identity of the user, or to the user offline about the identity of himself/herself in the user registration.

[0542] A description is now given of the process for storing the SAM registration list in the storage unit 192 within the SAM 105_1, as shown in Fig. 34.

[0543] The SAM 105_1 shown in Fig. 1 obtains the SAM registration list of the SAMs 105_2 through 105_4, which are in the same system as the SAM 105_1, by utilizing a topology map created when a machine connected to the bus 191, for example, an IEEE-1394 serial bus, is powered on, or when a new machine is connected to the bus 191.

[0544] The topology map is created according to the bus 191, not only for the SAMs 105_1 through 105_4, but also for SCMS processing circuits 105_5 and 105_6 of A/V machines 160_5 and 160_6 which are also connected to the bus 191, as illustrated in Fig. 58. Accordingly, the SAM 105_1 creates the SAM registration list shown in Fig. 59 by extracting the information about the SAMs 105_1 through 105_4 from the topology map.

[0545] The SAM 105_1 then registers the SAM registration list shown in Fig. 59 in the EMD service center 102 so as to obtain the signature.

[0546] The aforementioned processing is automatically executed by the SAM 105_1 by utilizing the session of the bus 191, and the SAM 105_1 issues the registration command of the SAM registration list to the EMD service center 102.

[0547] Upon receiving the SAM registration list shown in Fig. 59 from the SAM 105_1, the EMD service center 102 checks the effective period, and also checks for the settlement function designated by the SAM 105_1 during registration. The EMD service center 102 refers to the prestored revocation list (certificate revocation list (CRL)) shown in Fig. 60 and sets the revocation flag within the SAM registration list. The revocation list is a list of the SAMs which are prohibited from being used (have become invalid) due to illegal use. In performing communication between the SAMs, each SAM checks the revocation list for whether the corresponding SAM has become invalid, in which case, the communication therebetween is discontinued.

[0548] In settling the account, the EMD service center 102 checks the SAM registration list of the SAM 105_1 for whether the SAMs described in the list are contained in the revocation list. The EMD service center 102 also attaches the signature to the SAM registration list.

[0549] As a result, the SAM registration list shown in Fig. 61 is created.

[0550] The SAM revocation list is formed for SAMs in the same system (i.e., SAMs connected to the bus 191), and indicates whether each SAM is invalid according to a revocation flag for the corresponding SAM.
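
The revocation handling of paragraphs [0547] through [0550], as an added example that is not code from the patent: the service center flags revoked SAMs in a registration list and signs it, and a SAM refuses a peer that is flagged, unlisted, or presented in an altered list. The SAM identifiers and the key are constructed, and HMAC-SHA256 is an assumption standing in for the center's public-key signature so that the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: a shared-key HMAC stands in for the service center's public-key
# signature. In a real deployment the SAM would hold only a verification key.
CENTER_KEY = b"constructed-demo-key"  # constructed value, not from the patent


def _canonical(entries):
    """Serialize list entries deterministically so the signature is stable."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def _sign(entries):
    """Compute the stand-in signature over the canonical list entries."""
    return hmac.new(CENTER_KEY, _canonical(entries), hashlib.sha256).hexdigest()


def center_register(sam_ids, revocation_list):
    """Service-center side: set one revocation flag per SAM, then sign the list."""
    revoked = set(revocation_list)
    entries = [{"sam_id": s, "revoked": s in revoked} for s in sam_ids]
    return {"entries": entries, "signature": _sign(entries)}


def list_is_authentic(reg_list):
    """SAM side: reject a list whose flags were altered after signing."""
    return hmac.compare_digest(_sign(reg_list["entries"]), reg_list["signature"])


def may_communicate(reg_list, peer_id):
    """SAM side: decide whether a session with peer_id may proceed.

    Fails closed: an altered list, an unlisted peer and a flagged peer
    all end the exchange before any session key is established.
    """
    if not list_is_authentic(reg_list):
        return (False, "registration list signature invalid")
    for entry in reg_list["entries"]:
        if entry["sam_id"] == peer_id:
            if entry["revoked"]:
                return (False, "peer is revoked")
            return (True, "ok")
    return (False, "peer not in registration list")


if __name__ == "__main__":
    # Constructed identifiers for the SAMs found on one bus.
    bus_sams = ["SAM-0001", "SAM-0002", "SAM-0003"]
    crl = ["SAM-0002"]  # constructed revocation list
    signed = center_register(bus_sams, crl)
    for peer in bus_sams + ["SAM-9999"]:
        print(peer, may_communicate(signed, peer))
    # Clearing a flag locally breaks the signature, so the list is refused.
    forged = {"entries": [dict(e, revoked=False) for e in signed["entries"]],
              "signature": signed["signature"]}
    print("forged list:", may_communicate(forged, "SAM-0002"))
```

Signing the flags together with the identifiers is what stops a host from clearing a flag in its local copy of the list.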
[0551] The revocation list CRL is preferably updated automatically within the SAM according to, for example, updating data sent from the EMD service center 102 to the SAM. The security functions of the SAM are as follows.

[0552] As the security functions, the SAM possesses IP components of the encryption library, such as DES of the common key cryptosystem (Triple DES/advanced encryption standard (AES)), the elliptic curve cryptosystem of the public key cryptosystem (signature creation/checking EC-DSA, common key creation EC-D.H., and public key cryptosystem EC-Elgamal), compression function (hash function) SHA-1, and a random-number generator (intrinsic random number).

[0553] The public key cryptosystem (elliptic curve cryptosystem) is employed for mutual authentication, signature creation, signature checking, and common key (session key) creation (delivering). The common key cryptosystem (DES) is employed for encrypting and decoding the content, and compression functions (hash functions) are employed for message authentication in signature creation and checking.

[0554] Fig. 62 illustrates the security functions of the SAM. There are two types of security functions managed by the SAM: (1) a security function in the application layer for encrypting and decoding the content, and (2) a security function in the physical layer for securing a communication path by performing mutual authentication with another SAM.

[0555] In the EMD system 100, the content data C to be distributed is wholly encrypted, and a key is purchased upon settling the account. Since the UCP data 106 is sent together with the content data C according to the in-band system, it is managed in a layer independent of the type of network medium. It is thus possible to provide a common rights processing system independent of the type of communication path, such as a satellite, terrestrial waves, cable, radio, or a recording medium. For example, when the UCP data 106 is inserted into the header of the protocol of the physical layer of a network, even for the same type of UCP data 106, it is necessary for each network to determine where in the header the UCP data 106 is inserted.



[0556] In this embodiment, the content data C and the key file KF are encrypted for protection by the application layer. Mutual authentication may be performed in the physical layer, the transport layer, or the application layer. Integrating the encryption function into the physical layer means integrating the encryption function into hardware. Mutual authentication is desirably performed in the physical layer since the main object of performing mutual authentication is to ensure a communication path between the sender and the receiver. In actuality, however, mutual authentication is often implemented in the transport layer while being independent of the transmission channel.

[0557] The security functions of the SAM include mutual authentication for verifying the integrity of another SAM to communicate with, and encryption and decryption (decoding) of content data which involves accounting processing in the application layer.

[0558] Generally, mutual authentication between SAMs for performing communication between machines is implemented in the application layer. However, it may be implemented in another layer, such as the transport layer or the physical layer.

[0559] Mutual authentication to be implemented in the physical layer utilizes 5C1394CP (content protection). According to 1394CP, M6, which is the common key cryptosystem, is implemented in the isochronous channel of a 1394LINKIC (hardware). Mutual authentication (elliptic curve cryptosystem or common key cryptosystem using hash functions) is then performed with an asynchronous channel, and the resulting session key is transferred to M6 of the isochronous channel. As a result, the common key cryptosystem is implemented by M6.

[0560] If mutual authentication between SAMs is implemented in
hardware of the physical layer, the session key obtained by performing
mutual authentication using the public key cryptosystem (elliptic
curve cryptosystem) is transferred to M6 of 1394LINKIC via the host
CPU, thereby encrypting the content data C by using the
above-described session key together with the session key obtained by
1394CP.

[0561] If mutual authentication between SAMs is performed in the
application layer, the content data C is encrypted by utilizing the
common key cryptosystem library (DES/Triple DES/AES) within the SAM.

[0562] In this embodiment, for example, mutual authentication
between the SAMs is implemented in the application layer, and mutual
authentication by 1394CP is implemented in the physical layer
(hardware), such as 1394LINKIC.

[0563] In this case, encryption and decryption (decoding) of the
content data C which involves accounting processing is performed in
the application layer. However, the application layer is easy to
access by the user and may be analyzed unlimitedly. Accordingly, in
this embodiment, accounting-related processing is executed within high
tamper-resistant hardware in which the processing content is fully
protected from being monitored from an external source. This is the
major reason for implementing the SAM as high tamper-resistant
hardware.

[0564] If accounting processing is executed within the host CPU,
tamper-resistant software is implemented in the CPU.

[0565] A description is now given, with reference to Fig. 63, of an
example of implementation of various SAMs within, for example, the
network device 160₁ of the user home network 103 shown in Fig. 1.

[0566] The network device 160₁ includes, as shown in Fig. 63, the
host CPU 810₁, the SAM 105₁, the download memory 167, the medium drive
SAM 260, a drive CPU 1003, and a shock proof (anti-vibration) memory,
such as a dynamic RAM (DRAM) 1004.

[0567] Part of the download memory 167 and part of the shock proof
memory 1004 are used as a common memory, which can be accessed from
both the SAM 105₁ and the host CPU 810₁.

[0568] The shock proof memory 1004 stores the content data C
received via a data bus 1002, and then outputs it to the A/V
compression/decompression SAM 163. This makes it possible to
sequentially output the content data C to the A/V
compression/decompression SAM 163 even if the reading operation of the
content data C from the recording medium 130 is interrupted due to,
for example, vibrations. It is thus possible to effectively prevent
the interruption of the playback operation of the content data C.

[0569] The download memory 167 is connected to the host CPU bus 1000
via a module 1005 which consists of a memory controller and a bus
arbiter/bridge.

[0570] Fig. 64 illustrates the detailed configuration of the module
1005 and the peripheral circuits. The module 1005 includes, as shown
in Fig. 64, a controller 1500 and a bus arbiter/bridge 1501.

[0571] The controller 1500 serves as a DRAM interface (I/F) when a
DRAM is used as the download memory 167, and has a read/write (r/w)
line, an address bus, a CAS line, and a RAS line to communicate with
the download memory 167.

[0572] The bus arbiter/bridge 1501 conducts arbitration of the host
CPU bus 1000, and has a data bus to communicate with the download
memory 167, and also has a r/w line, an address bus, a ready line, and
has a chip select (CS) line, a r/w line, an address bus, a data bus,
and a ready line to communicate with the SAM 105₁. The bus
arbiter/bridge 1501 is connected to the host CPU bus 1000.

[0573] The bus arbiter/bridge 1501, the host CPU 810₁, and the SAM
105₁ are connected to the host CPU bus 1000. The host CPU bus 1000 has
a CS line, a r/w line, an address bus, a data bus, and a ready line.

[0574] The download memory 167 and the shock proof memory 1004 store
the above-described content file CF and the key file KF. The storage
area of the shock proof memory 1004 other than the storage area used
as the common memory is employed for temporarily storing the content
data C received from the medium drive SAM 260 via the data bus 1002
until the content data C is output to the A/V
compression/decompression SAM 163.

[0575] The A/V compression/decompression SAM 163 transfers data to
the download memory 167 via the host CPU bus 1000, and also transfers
data to the medium drive SAM 260 via the data bus 1002.

[0576] Not only the download memory 167, but also the SAM 105₁, the
A/V compression/decompression SAM 163, and a DMA 1010, are connected
to the host CPU bus 1000.

[0577] The DMA 1010 centrally controls access to the download memory
167 via the host CPU bus 1000 according to a command from the host CPU
810₁.

[0578] The host CPU bus 1000 is also employed for communication with
the other SAMs, i.e., the SAMs 105₂ through 105₄, within the user home
network 103 by using a 1394-serial interface link layer.

[0579] The drive CPU 1003, the medium drive SAM 260, an RF amplifier
1006, a medium SAM interface 1007, and a DMA 1011 are connected to a
drive CPU bus 1001.

[0580] The drive CPU 1003 centrally controls access to the disk-type
recording medium 130 according to a command from the host CPU 810₁. In
this case, the host CPU 810₁ serves as a master, while the drive CPU
1003 serves as a slave. The drive CPU 1003 is handled as an I/O as
viewed from the host CPU 810₁.

[0581] The drive CPU 1003 encodes and decodes data in accessing the
recording medium (RAM) 130.

[0582] When the recording medium (RAM) 130 is set in a drive, the
drive CPU 1003 determines whether the recording medium 130 is suitable
for the SAM 105₁ (EMD system 100) (i.e., whether rights processing can
be safely performed on the recording medium 130 by the SAM 105₁). If
so, the drive CPU 1003 reports the corresponding information to the
host CPU 810₁ and also instructs the medium drive SAM 260 to perform
mutual authentication with the medium SAM 133.

[0583] The medium SAM interface 1007 serves as an interface for
access to the medium SAM 133 of the recording medium 130 via the drive
CPU bus 1001.

[0584] The DMA 1011 centrally controls access to the shock proof
memory 1004 via the drive CPU bus 1001 and the data bus 1002 according
to a command from the drive CPU 1003. The DMA 1011 controls, for
example, data transfer between the medium drive SAM 260 and the shock
proof memory 1004 via the data bus 1002.

[0585] According to the configuration shown in Fig. 63, for example,
in performing communication, such as mutual authentication between the
SAM 105₁ and the medium SAM 133 of the recording medium 130, data
transfer is conducted therebetween via the host CPU bus 1000, the host
CPU 810₁, a register within the drive CPU 1003, the drive CPU bus
1001, and the medium SAM interface 1007 based on the control of the
host CPU 810₁.

[0586] In accessing the recording medium 130, mutual authentication
is conducted between the medium drive SAM 260 and the medium SAM 133.

[0587] In compressing or decompressing data in the A/V
compression/decompression SAM 163 in order to access the download
memory 167 or the shock proof memory 1004, as discussed above, mutual
authentication is performed between the SAM 105₁ and the A/V
compression/decompression SAM 163.

[0588] In this embodiment, in Fig. 63, the SAM 105₁ and the A/V
compression/decompression SAM 163 are handled as devices connected to
the I/O interface, as viewed from the host CPU 810₁. Communication and
data transfer of the SAM 105₁ and the A/V compression/decompression
SAM 163 with the host CPU 810₁ is performed under the control of a
memory I/O and address decoder 1020. In this case, the host CPU 810₁
serves as a master, while the SAM 105₁ and the A/V
compression/decompression SAM 163 serve as slaves. The SAM 105₁ and
the A/V compression/decompression SAM 163 execute processing
instructed by the host CPU 810₁, and report the results to the host
CPU 810₁ if necessary.
[0589] The medium SAM 133 and the medium drive SAM 260 are handled
as devices connected to the I/O interface, as viewed from the drive
CPU 1003. Communication and data transfer of the medium SAM 133 and
the medium drive SAM 260 with the drive CPU 1003 is performed under
the control of a memory I/O and address decoder 1021. In this case,
the drive CPU 1003 serves as a master, while the medium SAM 133 and
the medium drive SAM 260 serve as slaves. The medium SAM 133 and the
medium drive SAM 260 execute processing instructed by the drive CPU
1003 and report the results to the drive CPU 1003 if necessary.

[0590] Access control to the content file CF and the key file KF
stored in the download memory 167 and the shock proof memory 1004 may
be centrally performed by the SAM 105₁. Alternatively, access control
to the content file CF may be performed by the host CPU 810₁, and
access control to the key file KF may be performed by the SAM 105₁.

[0591] The content data C read from the recording medium 130 by the
drive CPU 1003 is stored in the shock proof memory 1004 via the RF
amplifier 1006 and the medium drive SAM 260, and is then decompressed
in the A/V compression/decompression SAM 163. The decompressed content
data is converted into analog data in a digital-to-analog (D/A)
converter, and sound based on the converted analog signal is output
from a speaker.

[0592] In this case, the shock proof memory 1004 may temporarily
store the content data C consisting of a plurality of tracks, which
are non-continuously read from storage areas discretely located in the
recording medium 130, and then continuously output the content data C
to the A/V compression/decompression SAM 163.

[0593] The master-slave relationships of the various SAMs within the
user home network 103 shown in Fig. 63 are described below.

[0594] For example, when the content data C, for which the purchase
mode is determined, is recorded on the recording medium 130, as shown
in Fig. 65, the host CPU 810₁ outputs an internal interrupt to
instruct the SAM 105₁, which serves as an I/O device, to determine the
purchase mode of the content data C, and also to perform mutual
authentication with the medium SAM 133 of the recording medium 130,
thereby recording content data C on the recording medium 130.

[0595] In this case, the host CPU 810₁ serves as a master, while the
SAM 105₁ and the recording medium 130 serve as slaves. The recording
medium 130 is handled as an I/O device as viewed from the host CPU
810₁.

[0596] In response to the internal interrupt from the host CPU 810₁,
the SAM 105₁ communicates with the medium SAM 133 to determine the
purchase mode of the content data C and also writes predetermined key
data, such as the content key data Kc, into the medium SAM 133. Upon
completion of this processing, the SAM 105₁ reports the processing
result to the host CPU 810₁ through an external interrupt or by
polling of the host CPU 810₁.

[0597] In playing back the content data C, for which the purchase
mode is determined, recorded on a recording medium, an instruction to
play back the content data C is given, as illustrated in Fig. 66, from
the host CPU 810₁ to the SAM 105₁ through an internal interrupt.

[0598] In response to the internal interrupt, the SAM 105₁ reads a
key data block, such as the key file KF, from the medium SAM 133 of
the recording medium 130, and executes processing for playing back the
content data C based on the UCS data 166 stored in the key data block.

[0599] The SAM 105₁ outputs an internal interrupt to instruct the
A/V compression/decompression SAM 163 to decompress the content data C
read from the recording medium 130.

[0600] Upon receiving the internal interrupt from the SAM 105₁, the
A/V compression/decompression SAM 163 descrambles the content data C
read from the recording medium 130, embeds and detects the digital
watermark information, and decompresses the content data. Then, the
A/V compression/decompression SAM 163 outputs the processed content
data C to the D/A converter so as to play back the content data C.

[0601] After completion of the playback operation, the A/V
compression/decompression SAM 163 reports the corresponding
information to the SAM 105₁.

[0602] Upon receiving the above-described information, the SAM 105₁
reports it to the host CPU 810₁ via an external interrupt.

[0603] In this case, in the relationship between the host CPU 810₁
and the SAM 105₁, the host CPU 810₁ serves as a master, while the SAM
105₁ serves as a slave. In the relationship between the SAM 105₁ and
the A/V compression/decompression SAM 163, the SAM 105₁ serves as a
master, while the A/V compression/decompression SAM 163 serves as a
slave.

[0604] Although in this embodiment the A/V compression/decompression
SAM 163 is the slave for the SAM 105₁, it may be a slave for the host
CPU 810₁.
[0605] If the content data recorded on the recording medium 130 is
played back without performing rights processing of the content data,
as shown in Fig. 67, the host CPU 810₁ outputs an internal interrupt
to instruct the A/V compression/decompression SAM 163 to execute
playback processing. The host CPU 810₁ also outputs an internal
interrupt to instruct the medium drive SAM 260 to read the content
data from the recording medium 130.

[0606] Upon receiving the internal interrupt, the medium drive SAM
260 decodes the content data read from the recording medium 130 in the
decoder, and then stores it in the shock proof memory 1004. Upon
completion of this processing, the medium drive SAM 260 reports the
corresponding information to the host CPU 810 through an external
interrupt.
[0607] The content data stored in the shock proof memory 1004 is
read into the A/V compression/decompression SAM 163, and undergoes
processing, such as descrambling, embedding and detecting digital
watermark information, and decompressing, and is then played back via
the D/A converter.

[0608] Upon completion of this processing, the A/V
compression/decompression SAM 163 reports this information to the host
CPU 810₁ through an external interrupt.

[0609] In this case, the host CPU 810₁ serves as a master, while the
A/V compression/decompression SAM 163 and the medium drive SAM 163
serve as slaves.

[0610] Circuit modules for implementing the above-described
functions of the SAMs within the user home network 103 are discussed
below.

[0611] As discussed above, the SAMs within the user home network 103
include the SAMs 105 (105₁ through 105₄) for performing rights
processing (profit distribution), such as determining the purchase
mode, the medium SAM 133 disposed in a recording medium, the A/V
compression/decompression SAM 163, and the medium drive SAM 260.
Circuit modules provided for the above-described SAMs are as follows.

Example of rights processing SAM 

[0612] Fig. 68 illustrates a circuit module for a rights processing
SAM 105a.

[0613] The SAM 105a is tamper-resistant hardware (equivalent to a
circuit module of the present invention) including, as shown in Fig.
68, a CPU 1100, a DMA 1101, a MMU 1102, an I/O module 1103, a mask ROM
1104, a non-volatile memory 1105, a work RAM 1106, a public key
encryption module 1107, a common key encryption module 1108, a hash
function module 1109, an (intrinsic) random-number generator 1110, a
real time clock module 1111, and an external bus I/F 1112.
[0614] The relationship between the elements of the rights
processing SAM 105a and those of the present invention is as follows.
The CPU 1100 corresponds to an arithmetic processing circuit. The mask
ROM 1104, the non-volatile memory 1105, and the work RAM 1106
correspond to a storage circuit. The common key encryption module 1108
corresponds to an encryption processing circuit. The external bus I/F
1112 corresponds to an external bus interface.

[0615] As will be discussed below with reference to Fig. 69,
internal buses 1120 and 1121 correspond to a first bus of the present
invention, and an external bus 1123 corresponds to a second bus of the
present invention.

[0616] The internal bus 1120 also corresponds to a third bus, and
the internal bus 1121 also corresponds to a fourth bus.

[0617] The external bus I/F 1112 corresponds to a first interface
circuit, and a bus I/F circuit 1116 corresponds to a second interface
circuit.

[0618] An internal bus 1122 corresponds to a fifth bus, an I/O
module corresponds to a third interface circuit, and a bus I/F circuit
1117 corresponds to a fourth interface circuit.

[0619] A brief description of the relationship between the function
module of the SAM 105₁ shown in Fig. 30 and the circuit module shown
in Fig. 68 is given below.

[0620] The CPU 1100 executes, for example, programs stored in the
mask ROM 1104 and the non-volatile memory 1105, so as to implement the
functions of the CPU 1100, the accounting processor 187, and the usage
monitor 186 shown in Fig. 30.

[0621] The DMA 1101 centrally controls access to the download memory
167 shown in Fig. 22 and the storage unit 192 shown in Fig. 30 in
response to a command from the CPU 1100.

[0622] The MMU 1102 manages the address spaces of the download
memory 167 shown in Fig. 22 and the storage unit 192 shown in Fig. 30.

[0623] The I/O module 1103 implements part of the functions of the
medium SAM manager 197 shown in Fig. 30.

[0624] The mask ROM 1104 stores fixed programs and data, such as an
initializing program and an integrity check program for the SAM 105a,
when manufacturing the SAM 105₁, and implements part of the functions
of the storage unit 192 shown in Fig. 30.

[0625] The non-volatile memory 1105 stores variable programs and
data, such as encryption programs and key data, and implements part of
the functions of the storage unit 192 shown in Fig. 30.

[0626] The work RAM 1106 corresponds to the work memory 200
illustrated in Fig. 30.
[0627] The public key encryption module 1107 implements part of the
functions of the signature processor 189 illustrated in Fig. 30, and
is used for performing mutual authentication with the medium SAM 133
according to the public key cryptosystem, creating signature data of
the SAM 105, checking signature data (of the EMD service center 102,
the content provider 101, and, in the second embodiment, the service
provider 310), encryption and decryption of a small amount of data
(such as the key file KF) to be transferred, and sharing a key. The
public key encryption module 1107 may be implemented as a circuit
module (hardware (H/W) IP solution), or may be implemented by
executing a public key encryption program stored in the non-volatile
memory 1105 by the CPU 1100 (software (S/W) IP solution).

[0628] The common key encryption module 1108 implements part of the
functions of the signature processor 189 and the encryption/decryption
(decoding) units 171, 172, and 173, and is used for performing mutual
authentication and encrypting and decrypting data by using the session
key data K_SES obtained by mutual authentication. The common key
cryptosystem realizes much faster processing than the public key
cryptosystem, and is thus used for, for example, encrypting and
decrypting a large amount of content data (content file CF). The
common key encryption module 1108 may be implemented as a circuit
module (H/W IP solution), or may be implemented by executing the
common key encryption program stored in the non-volatile memory 1105
by the CPU 1100 (S/W IP solution).

[0629] Mutual authentication is achieved by encryption and
decryption of one or both of the public key encryption module 1107 and
the common key encryption module 1108.

[0630] The common key encryption module 1108 decodes the content key
data Kc with the license key data KD.

[0631] The hash function module 1109 implements part of the
functions of the signature processor 189 shown in Fig. 30, and is used
for generating hash values of data for which signature data is to be
created. More specifically, the hash function module 1109 is used for
checking the signature data of the content provider 101 and the EMD
service center 102, and also checking the hash value H^^ of the key
file KF₁ of the secure container 104x illustrated in Figs. 44A through
44D. The hash function module 1109 may be implemented as a circuit
module (H/W IP solution), or may be implemented by executing a hash
circuit module program stored in the non-volatile memory 1105 by the
CPU 1100 (S/W IP solution).

[0632] The random-number generator 1110 implements part of the
functions of the mutual authentication unit 170 illustrated in Fig.
30.

[0633] The real time clock module 1111 generates real time, which is
used for selecting the license key data KD with an effective period,
or determining whether the requirements of an effective period
indicated by the UCS data 166 are satisfied.

[0634] The external bus I/F 1112 implements part of the functions of
the content provider manager 180, the download memory manager 182, and
the EMD service center manager 185 shown in Fig. 30.

[0635] Fig. 69 illustrates the hardware configuration within the SAM
105a. In Fig. 69, the same elements as those shown in Fig. 68 are
designated with like reference numerals.

[0636] As shown in Fig. 69, within the SAM 105a, the CPU 1100, the
mask ROM 1104, and the non-volatile memory 1105 are connected to each
other via the SAM/CPU bus 1120.

[0637] The DMA 1101 is connected to the internal bus 1121. An I2C
interface 1130, a medium SAM interface 1131, a Memory Stick (MS)
interface 1132, and an IC card interface 1133 are connected to the
internal bus 1122.

[0638] The medium SAM interface 1131 transfers and receives data to
and from the medium SAM 133 of the recording medium 130. The MS
interface 1132 transfers and receives data to and from a memory stick
1140. The IC card interface 1133 transfers and receives data to and
from an IC card 1141.

[0639] The public key encryption module 1107, the common key
encryption module 1108, the hash function module 1109, the
random-number generator 1110, the real time clock module 1111, the
external bus I/F 1112, and an external memory I/F 1142 are connected
to the external bus 1123.

[0640] The host CPU bus 1000 shown in Fig. 63 is connected to the
external bus I/F 1112, and the external memory 201 shown in Fig. 63 is
connected to the external memory I/F 1142.

[0641] The SAM/CPU bus 1120 and the internal bus 1121 are connected
via the bus interface 1116. The internal buses 1122 and 1121 are
connected via the bus interface 1117. The internal bus 1121 and the
external bus 1123 are connected via a bus interface 1115.

[0642] The above-described SRAM 1155 and the SAM status register
1156 are stored in the bus interface 1115.

[0643] As stated above, the SAM status register 1156 has the first
SAM status register 1156a and the second SAM status register 1156b. A
flag indicating the status of the SAM 105₁ read by the host CPU 810₁
is set in the first SAM status register 1156a. A flag indicating
whether a request to execute a task has been output from the host CPU
810₁ is set in the second SAM status register 1156b, and this flag is
read from the CPU 1100 of the SAM 105₁.

[0644] The DMA 1101 centrally controls the mask ROM 1104, the
non-volatile memory 1105, and the work RAM 1106 via the internal bus
1121 in response to a command from the CPU 1100.

[0645] A MMU 1113 manages memory spaces of the mask ROM 1104, the
non-volatile memory 1105, the work RAM 1106, and the download memory
167 shown in Fig. 63.
[0646] An address decoder 1114 performs address conversion when data
is transferred between the internal bus 1121 and the external bus
1123.

[0647] A writing lock control circuit 1135 controls writing and
erasing of each block of data into and from a flash ROM based on the
lock key data of the CPU 1100.

[0648] The address space of the rights processing SAM 105a is
described below.

[0649] Fig. 70 illustrates the address space of the rights
processing SAM 105a. The address space contains, starting from the
start address, a boot program, the system configuration, a flash ROM,
predetermined programs, a device driver for the flash ROM, a device
driver for a non-volatile memory, the work RAM 1106 shown in Fig. 69,
predetermined programs, the SRAM 1155 shown in Fig. 69, the external
memory 201, Key_TOC/File_System, a SAM registration list, the usage
log data 108, a register for the common key encryption module 1108
shown in Fig. 69, a register for the public key encryption module 1107
shown in Fig. 69, a register for the hash function module 1109 shown
in Fig. 69, a register for the random-number generator 1110 shown in
Fig. 69, a register for the real time clock module 1111 shown in Fig.
69, a current time register, an effective period register, a control
register, an IC card interface, a medium SAM interface, a Memory Stick
interface, and a bus interface.

[0650] In the field of the address space assigned to the system
configuration, the DMA 1101 and the SAM status register 1156 shown in
Fig. 69 are stored.

[0651] In the field of the address space assigned to the flash ROM,
a main routine (kernel), interrupt programs, sub-routines called by
the interrupt programs, a command analyzer (table indicating the
relationship between the commands and start addresses of the interrupt
programs), and an interrupt vector table are stored.

[0652] In the address space of the SAM 105a illustrated in Fig. 70,
the SAM status register 1156 and the SRAM 1155 are used as common
memory spaces with the host CPU 810.

[0653] The address space of the host CPU 810₁ shown in Fig. 63 is
described below with reference to Fig. 71.

[0654] The address space of the host CPU 810₁ contains, as shown in
Fig. 71, starting from the start address, a boot program, the system
configuration, a code ROM, a data ROM, a work RAM, a common memory
shared with the SAM 105₁ shown in Fig. 63, a common memory shared with
the A/V compression/decompression SAM 163 shown in Fig. 63, a common
memory shared with the medium drive SAM 260 shown in Fig. 63, and
external devices.

[0655] The SRAM 1155 and the SAM status register 1156 shown in Fig.
69 are assigned to the common memory shared with the SAM 105₁ shown in
Fig. 63.
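
The request/status handshake over the common memory described in [0643], [0652] and [0655], modelled in C as an added example (not code from the patent). The window size, header layout, flag values and the checksum task are assumptions; only the roles of the SRAM 1155 and the two SAM status registers come from the text. Because the host can rewrite the common memory at any time, the SAM side copies the window into private work RAM once and validates the length from that copy.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of the common memory (hypothetical, for illustration). */
#define SRAM_SIZE   64u
#define HDR_SIZE    2u                       /* [0] = task id, [1] = payload length */
#define MAX_PAYLOAD (SRAM_SIZE - HDR_SIZE)

enum { ST_IDLE, ST_BUSY, ST_DONE, ST_ERROR }; /* values held in register 1156a */
enum { TASK_CHECKSUM = 1 };                   /* hypothetical task id */

struct common_mem {
    volatile uint8_t sram[SRAM_SIZE];  /* SRAM 1155, shared window */
    volatile uint8_t status_a;         /* 1156a: SAM status, read by the host CPU */
    volatile uint8_t status_b;         /* 1156b: task-request flag, read by the SAM CPU */
};

/* Host side (master): place a request in the window and raise the flag.
 * The length byte is written as given; the host is not trusted to be honest. */
int host_request(struct common_mem *cm, uint8_t task,
                 const uint8_t *payload, uint8_t len)
{
    if (cm->status_b || cm->status_a == ST_BUSY)
        return -1;                     /* previous request still pending */
    cm->sram[0] = task;
    cm->sram[1] = len;
    for (unsigned i = 0; i < len && i < MAX_PAYLOAD; i++)
        cm->sram[HDR_SIZE + i] = payload[i];
    cm->status_a = ST_IDLE;
    cm->status_b = 1;
    return 0;
}

/* SAM side (slave): poll 1156b, snapshot the window, validate, execute. */
uint8_t sam_service(struct common_mem *cm)
{
    uint8_t work[SRAM_SIZE];           /* private work RAM inside the SAM */
    uint32_t sum = 0;

    if (!cm->status_b)
        return ST_IDLE;                /* no request outstanding */
    cm->status_a = ST_BUSY;

    /* Single fetch: every later decision uses this copy, so a host write
     * after validation cannot change the header or payload in use. */
    for (unsigned i = 0; i < SRAM_SIZE; i++)
        work[i] = cm->sram[i];
    cm->status_b = 0;

    uint8_t task = work[0], len = work[1];
    if (task != TASK_CHECKSUM || len > MAX_PAYLOAD) {
        cm->status_a = ST_ERROR;       /* reject unknown task or oversized length */
        return ST_ERROR;
    }
    for (unsigned i = 0; i < len; i++)
        sum += work[HDR_SIZE + i];

    /* Result goes back through the window, little-endian, then the status flag. */
    for (unsigned i = 0; i < 4; i++)
        cm->sram[i] = (uint8_t)(sum >> (8 * i));
    cm->status_a = ST_DONE;
    return ST_DONE;
}

/* Host side: read 1156a and, if the task completed, fetch the result. */
int host_collect(struct common_mem *cm, uint32_t *out)
{
    if (cm->status_a != ST_DONE)
        return -1;
    *out = (uint32_t)cm->sram[0] | ((uint32_t)cm->sram[1] << 8) |
           ((uint32_t)cm->sram[2] << 16) | ((uint32_t)cm->sram[3] << 24);
    cm->status_a = ST_IDLE;
    return 0;
}

int main(void)
{
    struct common_mem cm = {0};
    const uint8_t payload[3] = {1, 2, 3};     /* constructed sample input */
    uint32_t r = 0;

    host_request(&cm, TASK_CHECKSUM, payload, 3);
    sam_service(&cm);
    if (host_collect(&cm, &r) == 0)
        printf("result=%u\n", (unsigned)r);
    return 0;
}
```
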



Another example of rights processing SAM 

[0656] Fig. 72 illustrates a circuit module of a rights processing
SAM 105b. In Fig. 72, the same elements as those shown in Fig. 69 are
designated with like reference numerals.

[0657] The SAM 105b is formed of, as shown in Fig. 72, a secure
memory 105ba, a host CPU 810, tamper-resistant software 1130, and an
I/O module 1103.

[0658] In the SAM 105b, the tamper-resistant software 1130 is
executed by the host CPU 810 so as to implement the same function as
the CPU 1100 shown in Fig. 68. As stated above, the tamper-resistant
software 1130 is software in which the processing is totally shielded
from an external source, and is difficult to be analyzed or
overwritten.

[0659] The secure memory 105ba is tamper-resistant hardware
including a mask ROM 1104, a non-volatile memory 1105, a work RAM
1106, a public key encryption module 1107, a common key encryption
module 1108, a hash function module 1109, an (intrinsic) random-number
generator 1110, a real time clock module 1111, and an external bus I/F
1112.

[0660] The public key encryption module 1107, the common key
encryption module 1108, and the hash function module 1109 may be
implemented as a circuit module (H/W IP solution), or may be
implemented by executing a public key encryption program, a common key
encryption program, and a hash function program, respectively, stored
in the non-volatile memory 1105 by the host CPU 810 (S/W IP solution).

[0661] An example of the configuration of the above-described medium
SAM 133 is as follows. Fig. 73 illustrates a circuit module of the
medium SAM 133.
[0662] The medium SAM 133 is tamper-resistant hardware including, as
shown in Fig. 73, a CPU 1200, a DMA 1201, an I/O module 1203, a mask
ROM 1204, a non-volatile memory 1205, a work RAM 1206, a public key
encryption module 1207, a common key encryption module 1208, a hash
function module 1209, and an (intrinsic) random-number generator 1210.

[0663] The CPU 1200 controls the individual circuits within the
tamper-resistant hardware.

[0664] The work RAM 1206 corresponds to the work memory 200 shown in
Fig. 30.

[0665] The public key encryption module 1207 is used for performing
operations according to the public key cryptosystem, for example, (1)
performing mutual authentication with the SAM 105₁ and the drive CPU
1003 shown in Fig. 63, (2) creating signature data of the medium SAM
133a and checking signature data (of the EMD service center 102, the
content provider 101, and in the second embodiment, the service
provider 310), (3) encrypting and decrypting a small amount of data to
be transferred, and (4) sharing the session key data K_SES obtained by
mutual authentication. The public key encryption module 1107 may be
implemented as a circuit module (H/W IP solution), or may be
implemented by executing the public key encryption program stored in
the non-volatile memory 1205 by the CPU 1200 (S/W IP solution).

[0666] The common key encryption module 1208 is used for performing
mutual authentication and for encrypting and decrypting data, such as
the key files KF and KF₁, by using the session key data K_SES obtained
by performing mutual authentication. The common key encryption module
1108 may be implemented as a circuit module (H/W IP solution), or may
be implemented by executing the common key encryption program stored
in the non-volatile memory 1205 by the CPU 1200 (S/W IP solution).

[0667] Mutual authentication can be realized by encrypting and
decrypting by one or both of the public key encryption module 1207 and
the common key encryption module 1208.

[0668] The hash function module 1209 is used for generating hash
functions of data. More specifically, the hash function module 1209 is
used for verifying the hash value of the key file KF₁ of the secure
container 104x shown in Figs. 44A through 44D. The hash function
module 1109 may be implemented as a circuit module (H/W IP solution),
or may be implemented by executing the hash circuit module stored in
the non-volatile memory 1205 by the CPU 1200 (S/W IP solution).

[0669] The random-number generator 1210 is used for performing, for
example, mutual authentication.

[0670] The I/O module 1203 is used for performing communication with
the medium SAM I/F 1007 shown in Fig. 63.

[0671] The mask ROM 1204 stores fixed programs and data, such as an initializing program and an integrity check program for the medium SAM 133, when being shipped.

[0672] The non-volatile memory 1205 stores variable programs and data, such as encryption programs and key data.

[0673] Fig. 74 illustrates data stored in the mask ROM 1204 and the non-volatile memory 1205 when shipping the medium SAM 133 to be installed in a recording medium (ROM).

[0674] When shipping the recording medium (ROM), the medium SAM 133 stores, as shown in Fig. 74, an identifier (ID) of the medium SAM, storage key data K_STR (medium key data K_MED), public key data K_ESC,P of the EMD service center 102, public key data K_R-CA,P of the root certifying authority 92, public-key certificate data CER_MSAM of the medium SAM 133, public key data K_MSAM,P of the medium SAM 133, private key data K_MSAM,S of the medium SAM 133, a revocation list, rights processing data, an entity ID which receives profits, the type of medium (medium type information and information specifying either a ROM or a RAM), physical address information (register space address) of the key files KF, the key file KF of each content data C (content file CF), and predetermined check values (MAC values).
[0675] The physical address information (register space address) of the key files KF, the key file KF of each content data C (content file CF), and the predetermined check values (MAC values) are encrypted with the license key data KD managed by the EMD service center 102.

[0676] Fig. 75 illustrates data stored in the mask ROM 1204 and the non-volatile memory 1205 when user registration is conducted and the purchase mode is determined after the medium SAM 133 to be installed in a recording medium (ROM) has been shipped.
[0677] As shown in Fig. 75, a user ID, a password, favorite information, settlement information (for example, a credit card number), electronic money information, a key file KF_1, etc. are newly added to the medium SAM 133 by the user registration.

[0678] Fig. 76 illustrates data stored in the mask ROM 1204 and the non-volatile memory 1205 when the medium SAM 133 to be installed in a recording medium (RAM) is shipped.

[0679] As illustrated in Fig. 76, when shipping the recording medium (RAM), the medium SAM 133 stores an identifier (ID) of the medium SAM 133, recording key data K_STR (medium key data K_MED), public key data K_ESC,P of the EMD service center 102, public key data K_R-CA,P of the root certifying authority 92, public-key certificate data CER_MSAM of the medium SAM 133, public key data K_MSAM,P of the medium SAM 133, private key data K_MSAM,S of the medium SAM 133, a revocation list, rights processing data, an entity ID which receives profits, and the type of medium (medium type information and information specifying either a ROM or a RAM). However, physical address information (register space address) of the key files KF, key files KF and KF_1 of each content data C (content file CF), and predetermined check values (MAC values) are not stored.
[0680] Fig. 77 illustrates data stored in the mask ROM 1204 and the non-volatile memory 1205 when user registration is conducted and the purchase mode is determined after the medium SAM 133 to be installed in a recording medium (RAM) has been shipped.
[0681] As illustrated in Fig. 77, in addition to a user ID, a password, favorite information, settlement information (for example, a credit card number), and electronic money information, physical address information (register space address) of the key files KF, the key files KF and KF_1 of each content data C (content file CF), and predetermined values (MAC values) are newly written into the medium SAM 133 by the user registration.
[0682] The physical address information (register space address) of the key file KF, the key files KF and KF_1 of each content data C (content file CF), and the predetermined values (MAC values) are encrypted with the storage key data K_STR.

A/V compression/decompression SAM 163

[0683] The A/V compression/decompression SAM 163 implements, for example, the functions shown in Fig. 22.

[0684] Fig. 78 illustrates a circuit module of the A/V compression/decompression SAM 163.
[0685] The A/V compression/decompression SAM 163 is tamper-resistant hardware including, as shown in Fig. 78, a CPU/DSP 1300, a DMA 1301, a mask ROM 1304, a non-volatile memory 1305, a work RAM 1306, a common key encryption module 1308, an (intrinsic) random-number generator 1310, a compression/decompression module 1320, a digital watermark embedding/detecting module 1321, and a partial-information disclosing control module 1322.
[0686] The CPU/DSP 1300 centrally controls the individual circuit modules within the A/V compression/decompression SAM 163 by executing programs stored in the mask ROM 1304 and the non-volatile memory 1305 in accordance with a command, for example, from the SAM 105_1 shown in Fig. 63.

[0687] The DMA 1301 centrally controls access to the mask ROM 1304, the non-volatile memory 1305, and the work ROM 1306 in accordance with a command from the CPU/DSP 1300.

[0688] When the A/V compression/decompression SAM 163 is shipped, the mask ROM 1304 stores fixed programs, such as an initializing program and an integrity check program for the A/V compression/decompression SAM 163, and fixed data, such as an identifier AVSAM_ID of the A/V compression/decompression SAM 163.
[0689] The non-volatile memory 1305 stores variable programs and data, such as an encryption program and key data.

[0690] The work RAM 1306 stores the key file KF received from the SAM 105_1.

[0691] The common key encryption module 1308 is used for conducting mutual authentication and for encrypting and decrypting the content data C and the content key data Kc by using the session key data K_SES obtained by mutual authentication. The common key encryption module 1308 may be implemented as a circuit module (H/W IP solution) or may be implemented by executing the common key encryption program stored in the non-volatile memory 1305 by the CPU/DSP 1300 (S/W IP solution). The common key encryption module 1308 also decrypts the content data C by using the content key data Kc obtained from the SAM 105_1.
[0692] The (intrinsic) random-number generator 1310 is used for performing mutual authentication with, for example, the SAM 105_1.

[0693] The compression/decompression module 1320 implements the functions of, for example, the decompression unit 223 shown in Fig. 22. More specifically, the compression/decompression module 1320 decompresses the content data received from the download memory 167 and the shock proof memory 1004 shown in Fig. 63, and compresses the content data received from the A/D converter.

[0694] The digital watermark embedding/detecting module 1321 implements the functions of the digital-watermark information processor 224 shown in Fig. 22. For example, the digital watermark embedding/detecting module 1321 embeds predetermined digital watermark information into the content data to be processed by the compression/decompression module 1320 and detects the digital watermark information embedded into the content data, that is, it determines whether the processing executed by the compression/decompression module 1320 is suitable.

[0695] The partial-information disclosing control module 1322 implements the partially disclosing processor 225 shown in Fig. 22, and plays back the content data according to the playback mode.



[0696] Fig. 79 illustrates a circuit module of the medium drive SAM 260.

[0697] The medium drive SAM 260 is tamper-resistant hardware including, as illustrated in Fig. 79, a CPU 1400, a DMA 1401, a mask ROM 1404, a non-volatile memory 1405, a work RAM 1406, a common key encryption module 1408, a hash function module 1409, an (intrinsic) random-number generator 1410, an encoder/decoder module 1420, a storage-key-data generating module 1430, and a medium-unique-ID generating module 1440.

[0698] The CPU 1400 executes programs stored in the mask ROM 1404 and the non-volatile memory 1405 in accordance with a command from the drive CPU 1003 shown in Fig. 63, and centrally controls the individual circuit modules within the medium drive SAM 260.
[0699] The DMA 1401 centrally controls access to the mask ROM 1404, the non-volatile memory 1405, and the work RAM 1406 in accordance with a command from the CPU 1400.

[0700] When the medium drive SAM 260 is shipped, the mask ROM 1404 stores fixed programs, such as an initializing program and an integrity check program for the medium drive SAM 260, and fixed data, such as identifier MDSAM_ID of the medium drive SAM 260.
[0701] The non-volatile memory 1405 stores variable programs and data, such as encryption programs and key data.

[0702] The work RAM 1406 serves as a work memory for executing various processing.
[0703] The common key encryption module 1408 is used for performing mutual authentication between the medium SAM 133 and the A/V compression/decompression SAM 163, and for encrypting and decrypting the content file CF and the key file KF by using the session key data K_SES, which is a common key obtained by mutual authentication, and also for encrypting the content key data Kc using the storage key data K_STR and the medium key data K_MED. The common key encryption module 1408 verifies signature data and creates signature data by using the common key data and the hash values of data, for which signature data is to be created.

[0704] The common key encryption module 1408 may be implemented as a circuit module (H/W IP solution), or may be implemented by executing the common key encryption program stored in the non-volatile memory 1405 by the CPU 1400 (S/W IP solution).
[0705] Encryption of the content key data Kc by using the storage key data K_STR may be performed by either the common key encryption module 1408 of the medium drive SAM 260 or the medium SAM module 133.
[0706] The hash function module 1409 is used for verifying signature data and for generating hash values of data, for which signature data is to be created.
[0707] The (intrinsic) random-number generator 1410 is used for performing mutual authentication with, for example, the medium SAM 133.

[0708] When accessing the content data stored in the ROM area or the RAM area of the recording medium 130, the encoder/decoder module 1420 executes processing, such as encoding, decoding, ECC, modulating, demodulating, sectorizing, and desectorizing, on the content data.

[0709] The storage-key-data generating module 1430 generates the storage key data K_STR unique to each medium by using the medium unique ID generated by the medium-unique-ID generating module 1440.
[0710] The medium-unique-ID generating module 1440 generates a medium unique ID unique to each recording medium from the drive ID generated by the medium drive SAM 260 and the SAM_ID of the medium SAM 133.

[0711] The overall operation of the EMD system 100 shown in Fig. 1 is described below with reference to the flow chart of Fig. 80.

[0712] In step S1, after the content provider 101 performs predetermined registration, the EMD service center 102 sends the public key certificate CER_CP of the public key data K_CP,P of the content provider 101.
[0713] After the SAMs 105_1 through 105_4 perform predetermined registration processing, the EMD service center 102 also sends the public key certificates CER_CP1 through CER_CP4 of the public key data K_SAM1,P through K_SAM4,P of the SAMs 105_1 through 105_4, respectively.

[0714] After conducting mutual authentication, the EMD service center 102 sends the license key data KD_1 through KD_3 for three months, each having a one-month effective period, to the SAMs 105_1 through 105_4 of the user home network 103.

[0715] In this manner, in the EMD system 100, the license key data KD_1 through KD_3 are distributed to the SAMs 105_1 through 105_4 in advance. This enables the SAMs 105_1 through 105_4 to purchase and utilize the secure container 104 distributed from the content provider 101 by decoding the secure container 104 even while the SAMs 105_1 through 105_4 are disconnected from the EMD service center 102. In this case, the purchase and usage log is recorded in the usage log data 108, which is then automatically sent to the EMD service center 102 when the SAMs 105_1 through 105_4 are connected to the EMD service center 102. It is thus possible for the EMD service center 102 to reliably perform settlement processing. If the EMD service center 102 does not receive the usage log data 108 in a predetermined period, it is able to make the corresponding SAM invalid in the revocation list. The DCS data 166 is transmitted basically in real time from the SAMs 105_1 through 105_4 to the EMD service center 102.

[0716] In step S2, after performing mutual authentication with the EMD service center 102, the content provider 101 authorizes the UCP data 106 and the content key data Kc by registering them in the EMD service center 102. The EMD service center 102 also creates the key file KF for six months and sends it to the content provider 101.

[0717] In step S3, the content provider 101 creates the content file CF and the signature data SIG_6,CP therefor, shown in Fig. 3A, and the key file KF and the signature data SIG_7,CP therefor, shown in Fig. 3B. The content provider 101 then sends the secure container 104 in which the above-described files and data, and the public-key certificate data CER_CP and the signature data SIG_1,ESC therefor, shown in Fig. 3C, are stored, to the SAMs 105_1 through 105_4 of the user home network 103 online or offline.

[0718] In sending the secure container 104 online, a specific protocol for the content provider 101 is used to distribute the secure container 104 from the content provider 101 to the user home network 103 in the format independent of the protocol (i.e., data to be transmitted by using a predetermined layer of a communication protocol consisting of a plurality of layers). In sending the secure container 104 offline, the secure container 104 is stored in a recording medium (ROM or RAM) and is sent from the content provider 101 to the user home network 103.

[0719] Then, in step S4, the SAMs 105_1 through 105_4 of the user home network 103 check the signature data SIG_6,CP, SIG_7,CP, and SIG_K1,ESC within the secure container 104 distributed from the content provider 101 so as to verify the integrity of the creators and senders of the content file CF and the key file KF. Thereafter, the SAMs 105_1 through 105_4 decode the key file KF by using the license key data KD_1 through KD_3 of corresponding periods.

[0720] Subsequently, in step S5, in the SAMs 105_1 through 105_4, the purchase and usage modes are determined based on the internal interrupt S810 from the host CPU 810 according to the user's operation on the operation unit 185 shown in Fig. 22.
[0721] In this case, the usage monitor 186 shown in Fig. 37 manages the purchase and usage modes of the content file CF selected by the user based on the UCP data 106 stored in the secure container 104.
[0722] In step S6, the accounting processors 187 of the SAMs 105_1 through 105_4 shown in Fig. 37 create the usage log data 108 and the DCS data 166 in which the purchase and usage modes are recorded, and send them to the EMD service center 102.
[0723] In step S7, the EMD service center 102 executes accounting processing based on the usage log data 108, and creates the settlement request data 152 and the settlement report data 107. The EMD service center 102 sends the settlement request data 152 and the signature data SIGgg therefor to the settlement organization 91 via the payment gateway 90 shown in Fig. 1. The EMD service center 102 also sends the settlement report data 107 to the content provider 101.
[0724] Then, in step S8, after verifying the signature data SIGgg, the settlement organization 91 distributes the payment made by the user to content rights holders, such as the content provider 101, based on the settlement report data 152.

[0725] As described above, in the EMD system 100, the secure container 104 shown in Figs. 3A through 3C is distributed from the content provider 101 to the user home network 103, and the key file KF within the secure container 104 is processed in the SAMs 105_1 through 105_4.

[0726] The content key data Kc and the UCP data 106 stored in the key file KF are encrypted with the license key data KD_1 through KD_3, and are decrypted only in the SAMs 105_1 through 105_4 which hold the license key data KD_1 through KD_3. The SAMs 105_1 through 105_4 are tamper-resistant hardware in which the purchase and usage modes of the content data C are determined based on the handling contents of the content data C recorded in the UCP data 106.

[0727] Therefore, according to the EMD system 100, the content data C can be reliably purchased and utilized in the user home network 103 based on the UCP data 106 created by the content provider 101 or a content-rights holder.

[0728] Additionally, in the EMD system 100, the content data C may be distributed from the content provider 101 to the user home network 103 online or offline by storing it in the secure container 104. In this case, the rights processing of the content data C in the SAMs 105_1 through 105_4 is not influenced by whether the content data C is sent online or offline.

[0729] In the EMD system 100, in purchasing, utilizing, recording, and transferring the content data C in the network device 160_1 and the A/V machines 160_2 through 160_4 within the user home network 103, processing is always executed based on the UCP data 106. Thus, rights processing rules in common to the whole user home network 103 can be established.
[0730] Fig. 81 illustrates an example of protocols for distributing the secure container 104 used in the first embodiment.

[0731] In the multiple processor system (EMD system) 100, as illustrated in Fig. 81, as protocols for delivering the secure container 104 from the content provider 101 to the user home network 103, TCP/IP and XML/SMIL, for example, are used.

[0732] As protocols for transferring the secure container 104 between the SAMs of the user home network 103 or between the user home networks 103 and 103a, for example, XML/SMIL which is constructed on a 1394-serial bus/interface is used. In this case, the secure container 104 may be stored in a recording medium (ROM or RAM) and distributed between the SAMs.

Second Embodiment

[0733] In the first embodiment, the content data is directly distributed from the content provider 101 to the SAMs 105_1 through 105_4 of the user home network 103. In the second embodiment, the content data is distributed from a content provider to SAMs of a user home network via a service provider.

[0734] Fig. 82 is a block diagram illustrating an EMD service system 300 of the second embodiment.
[0735] The EMD service center 300 includes, as shown in Fig. 82, a content provider 301, an EMD service center 302, a user home network 303, a service provider 310, a payment gateway 90, and a settlement organization 91.

[0736] The content provider 301, the EMD service center 302, the SAMs 305_1 through 305_4, and the service provider 310 respectively correspond to a data providing apparatus, a management apparatus, a data processing apparatus, and a data distribution apparatus of the present invention.

[0737] The content provider 301 is similar to the content provider 101 of the first embodiment except that it supplies content data to the service provider 310.
[0738] The EMD service center 302 is similar to the EMD service center 102 of the first embodiment except that it exercises an authentication function, a key-data management function, and a rights processing function, not only for the content provider 101 and the SAMs 305_1 through 305_4, but also for the service provider 301.

[0739] The user home network 303 includes a network device 360_1 and A/V machines 360_2 through 360_4. The network device 360_1 integrates a SAM 305_1 and a CA module 311 therein, and the A/V machines 360_2 through 360_4 integrate SAMs 305_2 through 305_4 therein.

[0740] The SAMs 305_1 through 305_4 are similar to the SAMs 105_1 through 105_4, respectively, of the first embodiment, except that they receive a secure container 304 from the service provider 310, and verify signature data of the content provider 301 and the service provider 310, and also create service-provider (SP) purchase log data (data for a data distribution apparatus) 309 for the service provider 310.

[0741] An overview of the EMD system 300 is as follows.

[0742] In the EMD system 300, the content provider 301 transmits the content key data Kc and the UCP data 106, which is similar to that of the first embodiment and which indicates the rights of the content data, such as license agreement conditions of the content data C to be provided, to the EMD service center 302, which is a highly reliable authorizing organization. The UCP data 106 and the content key data Kc are authorized (authenticated) by being registered in the EMD service center 302.

[0743] The content provider 301 encrypts the content data C with the content key data Kc so as to create the content file CF. The content provider 301 receives a key file KF for six months for each content file CF from the EMD service center 302.

[0744] The key file KF contains signature data for verifying the integrity of the key file KF and integrity of the creator and the sender of the key file KF.
[0745] The content provider 301 then supplies the secure container 104 shown in Figs. 3A through 3C in which the content file CF, the key file KF, and the signature data are stored to the service provider 310 offline via a recording medium or online via a network, such as the Internet, a digital broadcast, or by using an unofficial protocol.

[0746] The signature data stored in the secure container 104 is used for verifying the integrity of the corresponding data and the integrity of the creator and the sender of the data.

[0747] Upon receiving the secure container 104 from the content provider 301, the service provider 310 checks the signature data so as to verify the integrity of the creator and the sender of the secure container 104.
[0748] The service provider 310 then creates price tag data (PT) 312 obtained by adding a price for the services given by the service provider 310, such as authoring services, to the SRP, which has been reported to the service provider 310 offline, desired by the content provider 301.

[0749] The service provider 310 then extracts the content file CF and the key file from the secure container 104 and creates the secure container 304 in which the content file CF, the key file KF, the price tag data 312, and signature data Kgps therefor are stored.
[0750] The key file KF is encrypted with the license key data KD_1 through KD_3, and the service provider 310 is unable to see the content of the key file KF or overwrite it since it does not own the license key data KD_1 through KD_3.

[0751] The EMD service center 302 also authorizes the price tag data 312 by registering it.
[0752] The service provider 310 distributes the secure container 304 to the user home network 303 online or offline. If the secure container 304 is supplied offline, it is recorded on a recording medium (ROM) and is directly supplied to the SAMs 305_1 through 305_4. If the secure container 304 is supplied online, the service provider 310 first performs mutual authentication with the CA module 311, and encrypts the secure container 304 by using the session key data K_SES and sends it. The CA module 311 receives the encrypted secure container 304 and decrypts it by using the session key data K_SES, and then transfers it to the SAMs 305_1 through 305_4.
[0753] In this case, as communication protocols for sending the secure container 304 from the content provider 301 to the user home network 303, MHEG is used for a digital broadcast, and XML/SMIL/HTML is used for the Internet. The secure container 304 is embedded within the corresponding protocol according to a tunneling technique without depending on the communication protocol (coding method).

[0754] Accordingly, the format of the secure container 304 does not have to match the communication protocol, thereby increasing the flexibility in selecting the format of the secure container 304.

[0755] Subsequently, the SAMs 305_1 through 305_4 check the signature data stored in the secure container 304 so as to verify the integrity of the creator and the sender of the content file CF and the key file KF stored in the secure container 304. The SAMs 305_1 through 305_4 then decode the key file KF by using the license key data KD_1 through KD_3 of corresponding periods distributed from the EMD service center 302.
[0756] In the network device 360_1 and the A/V machines 360_2 through 360_4, the purchase and usage modes of the secure container 304 supplied to the SAMs 305_1 through 305_4 are determined according to the user's operation, and the secure container 304 is then ready to be played back or recorded on a recording medium.

[0757] The SAMs 305_1 through 305_4 record the purchase and usage log of the secure container 304 as the usage log data 308. The usage log data (log data or a management-apparatus log data) 308 is sent from the user home network 303 to the EMD service center 302 in response to, for example, a request from the EMD service center 302.

[0758] Upon determining the purchase mode of the content, the SAMs 305_1 through 305_4 send the DCS data 166 indicating the purchase mode to the EMD service center 302.

[0759] The EMD service center 302 determines (calculates) the accounting content for each of the content provider 301 and the service provider 310 based on the usage log data 308, and settles the account, based on the calculated accounting content, by using the settlement organization 91, such as a bank, via the payment gateway 90. According to this settlement, the payment made by the user of the user home network 303 to the settlement organization 91 is given to the content provider 301 and the service provider 310 by the settlement processing performed by the EMD service center 302.
[0760] In this embodiment, the EMD service center 302 has an authentication function, a key-data management function, and a rights processing (profit distribution) function.

[0761] More specifically, the EMD service center 302 serves as a second certifying authority located at a layer lower than the root certifying authority 92, which is the neutral supreme authority, and authenticates public key data by attaching a signature to the public-key certificate data of the public key data by using private key data of the EMD service center 102. The public key data is used for verifying the integrity of the signature data in the content provider 301, the service provider 310, and the SAMs 305_1 through 305_4. As stated above, the EMD service center 102 registers and authorizes the UCP data 106 of the content provider 301, the content key data Kc, and the price tag data 312 of the service provider 310, which is also part of the authentication function of the EMD service center 302.

[0762] The EMD service center 302 also has the key-data management function of managing key data, such as license key data KD_1 through KD_3.
[0763] The EMD service center 302 also has the following rights processing (profit distribution) function. The EMD service center 302 settles the account for the purchase and usage of the content made by the user based on the UCP data 106 registered by the content provider 301, the usage log data 308 input from the SAMs 305_1 through 305_4, and the price tag data 312 registered by the service provider 310, and distributes the payment made by the user to the content provider 301 and the service provider 310.
[0764] Details of the individual elements of the content provider 301 are as follows.

[Content provider 301]

[0765] The content provider 301 is similar to the content provider 101 of the first embodiment except that it supplies the secure container 104 shown in Figs. 3A through 3C to the service provider 310 online or offline.
[0766] That is, the content provider 301 creates the secure container 104 and inserts it into a product distributing protocol for the content provider according to the process shown in Figs. 17 through 19.
[0767] The service provider 310 then downloads the secure container 104 and extracts it from the protocol.

[Service provider 310] 

[0768] The service provider 310 creates the secure container 304 in which the content file CF and the key file KF supplied from the content provider 301 and the price tag data 312 are stored, and distributes it to the network device 360_1 and the A/V machines 360_2 through 360_4 of the user home network 303 online or offline.

[0769] The services by the service provider 310 to the distribution of the content are largely divided into two types, i.e., independent services and dependent services.

[0770] The independent services are downloading services for individually distributing the contents. The dependent services are services for distributing the content together with programs or commercials (CM), for example, supplying the content of a theme song of a drama program by inserting it in a drama program stream. This enables the user to purchase the content stored in the stream while watching the drama program.
[0771] Upon receiving the secure container 104 from the content provider 301, the service provider 310 creates the secure container 304 according to the following process.

[0772] A description is now given, with reference to the flow chart of Fig. 83, of the process of creating the secure container 304 from the secure container 104 received from the content provider 301 and distributing it to the user home network 303.

[0773] In step S83-1, the service provider 310 receives the secure container 104 shown in Figs. 3A through 3C from the content provider 301 online or offline, and stores it.

[0774] If the secure container 104 is sent online, the secure container 104 is decoded by using the session key data K_SES obtained by mutual authentication between the content provider 301 and the service provider 310.

[0775] In step S83-2, the service provider 310 verifies the integrity of the signature data SIG_1,ESC shown in Fig. 3C of the secure container 104 by using the public key data K_ESC,P of the EMD service center 302, and then extracts the public key data K_CP,P from the public-key certificate data CER_CP shown in Fig. 3C.
[0776] The service provider 310 then checks the signature data SIG_6,CP and SIG_7,CP shown in Figs. 3A and 3B, respectively, of the secure container 104 by using the extracted public key data K_CP,P so as to verify the integrity of the creator and the sender of the content file CF and the sender of the key file KF.
[0777] The service provider 310 also checks the signature data SIG_K1,ESC stored in the key file KF shown in Fig. 3B by using the public key data K_ESC,P so as to verify the integrity of the creator of the key file KF. This also verifies the official registration of the key file in the EMD service center 102.

[0778] Thereafter, in step S83-3, the service provider 310 creates the price tag data 312 obtained by adding a price for the services of the service provider 310 to the RSP desired by the content provider 301 which has been reported from the content provider 301 offline.

[0779] The service provider 310 also creates signature data SIG_62,SP, SIG_63,SP, and SIG_64,SP from the hash values of the content file CF, the key file KF, and the price tag data 312, respectively, by using the private key data K_SP,S of the service provider 310.

[0780] The signature data SIG_62,SP is used for verifying the integrity of the sender of the content file CF, the signature data SIG_63,SP is used for verifying the sender of the key file KF, and the signature data SIG_64,SP is used for verifying the creator and the sender of the price tag data 312.

[0781] The service provider 310 then creates the secure container 304 in which the content file CF and the signature data SIG_6,CP and SIG_62,SP therefor, shown in Fig. 84A, the key file KF and the signature data SIG_7,CP and SIG_63,SP therefor, shown in Fig. 84B, the price tag data 312 and the signature data SIG_64,SP therefor, shown in Fig. 84C, and the public-key certificate data CER_SP and the signature data SIG_61,ESC therefor and the public-key certificate data CER_CP and the signature data SIG_1,ESC therefor, shown in Fig. 84D, are stored, and then stores the created secure container 304 in a secure container database.

[0782] The secure container 304 stored in the secure container database is centrally managed by the service provider 310 by using, for example, the content ID.
[0783] Fig. 84A illustrates the configuration of the content file CF when a DSP is used as an A/V compression/decompression device for decompressing the content data C. The DSP decompresses the content data C within the secure container 104, and also embeds and detects digital watermark information by using A/V decompression software and a digital watermark information module within the secure container 304. This enables the content provider 301 to employ a desired compression method and a digital-watermark embedding method.

[0784] If hardware or prestored software is used as an A/V compression/decompression device for decompressing the content data C and for embedding and detecting digital watermark information, the A/V decompression software and the digital watermark information module may not be stored within the content file CF.

[0785] Then, in step S83-4, the service provider 310 reads the secure container 304 from the secure container database in response to a request from the user home network 303.

[0786] In this case, the secure container 304 may be a composite container in which a plurality of content files CF and a plurality of corresponding key files KF are stored. For example, in a single secure container 304, a plurality of content files CF concerning a piece of music, a video clip, a word card, a liner note, and a jacket may be stored. The plurality of content files CF may be stored within the secure container 304 in a directory structure.

[0787] If the secure container 304 is sent via a digital broadcast, the MHEG protocol is employed. If the secure container 304 is sent via the Internet, the XML/SMIL/HTML protocol is employed.

[0788] In this case, the content file CF and the key file KF within the secure container 104 are stored in a predetermined layer of a communication protocol which is employed between the service provider 310 and the user home network 303 without being dependent on the coding method, such as the MHEG or HTML protocol.

[0789] For example, if the secure container 304 is sent via a digital broadcast, as shown in Fig. 85, the content file CF is stored as MHEG content data within a MHEG object.

[0790] A MHEG object which is a moving picture is stored in a packetized elementary stream (PES)-video in the transport layer protocol, a MHEG object which is sound is stored in PES-audio in the transport layer protocol, and a MHEG object which is a still image is stored in Private-Data.

[0791] The key file KF, the price tag data 312, and the public-key certificate data CER_CP, CER_SP are stored, as shown in Fig. 88, in an entitlement control message (ECM) within a TS packet of the transport layer protocol.

[0792] The content file CF, the key file KF, the price tag data 312, and the public-key certificate data CER_CP, CER_SP are linked by the directory structure data DSD within the header of the content file CF.

[0793] The service provider 310 then supplies the secure container 304 to the user home network 303 online and/or offline.

[0794] If the secure container 304 is distributed to the network device 360_1 of the user home network 303, the service provider 310 encrypts the secure container 304 by using the session key data K_SES after performing mutual authentication, and then distributes it to the network device 360_1 via a network.

[0795] If the secure container 304 is broadcast via a satellite, the service provider 310 encrypts the secure container 304 with scrambling key data K_SCR. The scrambling key data K_SCR is also encrypted with work key data K_W, and the work key data K_W is encrypted with master key data K_M.

[0796] The service provider 310 then sends the scrambling key data K_SCR and the work key data K_W together with the secure container 304 to the user home network 303 via a satellite. The service provider 310 also distributes the master key data K_M by storing it in, for example, an IC card, to the user home network 303 offline.

[0797] Upon receiving the SP purchase log data 309 concerning the content data C from the user home network 303, the service provider 310 stores it.

[0798] In determining future services, the service provider 310 refers to the SP purchase log data 309. The service provider 310 also analyzes, based on the purchase log data 309, the user's favorites of the SAMs 305_1 through 305_4 which have sent the SP purchase log data 309, and then creates user favorite filter data 900 and sends it to the CA module 311 of the user home network 303.

[0799] The service provider 310 or a service-provider related organization registers in the EMD service center 302 offline, and acquires a globally unique identifier SP_ID by using an ID certificate of the service provider 310 or a bank account for performing settlement processing.

[0800] The service provider 310 also authorizes the price tag data 312 by registering it in the EMD service center 302.

[EMD service center 302] 

[0801] As discussed above, the EMD service center 302 serves as a certifying authority (CA), a key management authority, and a rights processing (rights clearing) authority.

[0802] Fig. 87 illustrates the major functions of the EMD service center 302. The EMD service center 302 performs processing, as illustrated in Fig. 87, such as supplying the license key data to the content provider 301 and the SAMs 305_1 through 305_4, issuing the public-key certificate data CER_CP, CER_SP, and CER_SAM1 through CER_SAM4, creating the key file KF, and settlement processing (profits distribution) based on the usage log data 308.

[0803] Among the above-described functions, supplying the license key data, issuing the public-key certificate data CER_CP and CER_SAM1 through CER_SAM4, and creating the key file KF are similar to those of the EMD service center 102 of the first embodiment.

[0804] Unlike the EMD service center 102, however, the EMD service center 302 issues the public-key certificate data CER_SP of the service provider 310, and also distributes, based on the usage log data 308, the profits obtained by the purchase of the content data C in the SAMs 305_1 through 305_4 to the content provider 301, content-provider rights holders, the service provider 310, and service-provider rights holders.

[0805] The contents of the usage log data 308 may be those shown in Fig. 21.

[0806] The EMD service center 302 also creates the user favorite filter data 900 for selecting content data C according to the user's favorites of the SAMs 305_1 through 305_4 which have sent the usage log data 308, and sends it to the SAMs 305_1 through 305_4 via the SAM manager 149.

[User home network 303] 

[0807] The user home network 303 includes, as shown in Fig. 82, the network device 360_1 and the A/V machines 360_2 through 360_4.

[0808] The network device 360_1 integrates the CA module 311 and the SAM 305_1 therein. The A/V machines 360_2 through 360_4 integrate the SAMs 305_2 through 305_4, respectively. The SAMs 305_1 through 305_4 are connected to each other via the bus 191, such as a 1394-serial interface bus.

[0809] The A/V machines 360_2 through 360_4 may be provided with a network communication function, though it is not essential. If a network communication function is not provided, the A/V machines 360_2 through 360_4 may simply use the network communication function of the network device 360_1 via the bus 191. Alternatively, the user home network 303 may include only A/V machines without a network function.

[0810] Details of the network device 360_1 are as follows.

[0811] Fig. 88 is a block diagram illustrating the network device 360_1. The network device 360_1 includes, as shown in Fig. 88, the communication module 162, the CA module 311, a decoding module 905, the SAM 305_1, the A/V compression/decompression SAM 163, the operation unit 165, the download memory 167, the playback module 169, the external memory 201, and the host CPU 810. The same elements as those shown in Fig. 22 are designated with like reference numerals.

[0812] The communication module 162 performs processing for communicating with the service provider 310. More specifically, the communication module 162 outputs the secure container 304 received from the service provider 310 via, for example, a satellite broadcast, to the decoding module 905. The communication module 162 also outputs the user favorite filter data 900 received from the service provider 310 via, for example, a telephone line, to the CA module 311, and also sends the SP purchase log data 309 received from the CA module 311 to the service provider 310 via, for example, a telephone line.

[0813] Fig. 89 is a functional block diagram illustrating the CA module 311 and the decoding module 905.

[0814] The CA module 311 includes, as shown in Fig. 89, a mutual authentication unit 906, a storage unit 907, an encryption/decryption unit 908, and a SP purchase log data generator 909.

[0815] In sending and receiving data between the CA module 311 and the service provider 310 via a telephone line, the mutual authentication unit 906 performs mutual authentication with the service provider 310 so as to create the session key data K_SES and outputs it to the encryption/decryption unit 908.

[0816] The storage unit 907 stores the master key data K_M supplied offline from the service provider 310 by being stored in an IC card 912 after the service provider 310 has made a contract with the user.

[0817] The encryption/decryption unit 908 receives the encrypted scrambling key data K_SCR and work key data K_W from a decoder 910 of the decoding module 905, and decrypts the work key data K_W by using the master key data K_M read from the storage unit 907. The encryption/decryption unit 908 then decrypts the scrambling key data K_SCR by using the decrypted work key data K_W, and outputs it to the decoder 910.

[0818] The encryption/decryption unit 908 also decrypts the user favorite filter data 900 received from the service provider 310 by the communication module 162 via, for example, a telephone line, by using the session key data K_SES from the mutual authentication unit 906, and outputs it to a secure-container selection unit 911 of the decoding module 905.

[0819] The encryption/decryption unit 908 decrypts the SP purchase log data 309 received from the SP purchase log data generator 909 by using the session key data K_SES from the mutual authentication unit 906, and sends it to the service provider 310 via the communication module 162.

[0820] The SP purchase log data generator 909 generates the SP purchase log data 309 indicating the purchase log of the content data C unique to the service provider 310 based on the operation signal S165 obtained by performing the user's operation on the operation unit 165 shown in Fig. 88, or based on the UCS data 166 from the SAM 305_1. The SP purchase log data generator 909 then outputs the SP purchase log data 309 to the encryption/decryption unit 908.

[0821] The SP purchase log data 309 includes information on distribution services of the service provider 310 reflecting the user's opinion, a monthly basic fee (incurred by using a network), contract (update) information, and purchase log information.

[0822] The CA module 311 communicates with an account database of the service provider 310, if the service provider 310 has an accounting function, a client management database, and a marketing information database. In this case, the CA module 311 sends account data for distribution services of the content data to the service provider 310.

[0823] The decoding module 905 includes the decoder 910 and the secure-container selection unit 911.

[0824] The decoder 910 receives the encrypted secure container 304, the scrambling key data K_SCR, and the work key data K_W from the communication module 162. The decoder 910 then outputs the encrypted scrambling key data K_SCR and the work key data K_W to the encryption/decryption unit 908 of the CA module 311 and receives the decrypted scrambling key data K_SCR from the encryption/decryption unit 908. The decoder 910 also decrypts the encrypted secure container 304 by using the scrambling key data K_SCR, and then outputs it to the secure-container selection unit 911.

[0825] If the secure container 304 is sent from the service provider 310 according to the MPEG2 transport stream method, the decoder 910 extracts the scrambling key data K_SCR from the ECM of the TS packet, and extracts the work key data K_W from the EMM.

[0826] The ECM also contains program attribute information of each channel. The EMM also contains demonstration contract information of each user (viewer).
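The three-tier key hierarchy of paragraphs [0795]-[0796] and its unwrapping by the CA module and decoder in [0817] and [0824]-[0825] can be traced in code. The sketch below is an added example, not part of the patent text: the function and class names are hypothetical, and the cipher is a SHA-256 keystream with an HMAC tag used as a standard-library stand-in, since the passage does not name an algorithm.

```python
import hashlib
import hmac
import os

def _subkeys(key):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Stand-in authenticated encryption (assumption, not the patent's cipher)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Reverse seal(); raises ValueError on a wrong key or modified data."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def broadcast(container, k_m):
    """Service provider side: K_SCR protects the container, K_W protects
    K_SCR, K_M protects K_W. K_M itself never travels with the signal."""
    k_scr, k_w = os.urandom(32), os.urandom(32)
    return {
        "container": seal(k_scr, container),
        "ecm_k_scr": seal(k_w, k_scr),   # K_SCR carried in the ECM
        "emm_k_w": seal(k_m, k_w),       # K_W carried in the EMM
    }

class CAModule:
    """Holds K_M (delivered offline on the IC card) in its storage unit."""
    def __init__(self, k_m):
        self._k_m = k_m

    def recover_scrambling_key(self, ecm_k_scr, emm_k_w):
        k_w = unseal(self._k_m, emm_k_w)   # K_M unwraps K_W
        return unseal(k_w, ecm_k_scr)      # K_W unwraps K_SCR

def decoder_receive(ca_module, signal):
    """Decoder side: hand the wrapped keys to the CA module, get K_SCR back,
    then descramble the secure container."""
    k_scr = ca_module.recover_scrambling_key(signal["ecm_k_scr"],
                                             signal["emm_k_w"])
    return unseal(k_scr, signal["container"])
```

A receiver without the contracted K_M fails at the first unwrapping step, so the broadcast signal alone yields neither K_W, K_SCR, nor the container.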

[0827] The secure-container selection unit 911 filters the secure container 304 received from the decoder 910 by using the user favorite filter data 900 received from the CA module 311 so as to select the secure container 104 according to the user's favorite, and outputs it to the SAM 305_1.

[0828] The SAM 305_1 is discussed in detail below.

[0829] The functions and the structure of the SAM 305_1 are basically similar to those of the SAM 105_1 of the first embodiment described with reference to Figs. 22 through 72, except that it performs processing for not only the content provider 301, but also for the service provider 310, such as checking the signatures for the service provider 310.

[0830] The SAMs 305_1 through 305_4 are modules for performing accounting for each content and communicating with the EMD service center 302.
[0831] The configuration of the user home network 104 shown in Fig. 63 is applicable to the devices within the user home network 303. The configurations of the rights processing SAM, the medium SAM 133, the A/V compression/decompression SAM 163, and the medium drive SAM 260 described with reference to Figs. 68 to 79 are applicable to the SAMs 305_1 through 305_4 within the user home network 303.

[0832] The SAMs 305_2 through 305_4 basically have the same functions as the SAM 305_1.

[0833] Details of the functions of the SAM 305_1 are as follows.

[0834] Fig. 90 is a block diagram illustrating the functions of the SAM 305_1, and also illustrates the flow of data relating to processing for receiving the secure container 304 from the service provider 310.

[0835] The SAM 305_1 includes, as shown in Fig. 90, a mutual authentication unit 170, encryption/decryption units 171, 172, and 173, a download memory manager 182, an A/V compression/decompression SAM manager 184, an EMD service center manager 185, a usage monitor 186, a SAM manager 190, a storage unit 192, a medium SAM manager 197, a work memory 200, a service provider manager 580, an accounting processor 587, a signature processor 589, an external memory manager 811, and a CPU 1100.

[0836] As in the case of the SAM 105_1, predetermined functions of the SAM 305_1 shown in Fig. 90 are implemented by executing the private program by the CPU.

[0837] In Fig. 90, the same functional blocks as those shown in Fig. 30 are designated with like reference numerals.
[0838] In the external memory 201 shown in Fig. 88, the usage log data 308 and the SAM registration list are stored by executing the processing discussed in the first embodiment and processing which is discussed below.

[0839] In the work memory 200, as shown in Fig. 91, the content key data Kc, the UCP data 106, the lock key data K_LOC of the storage unit 192, the public-key certificate data CER_CP of the content provider 301, the public-key certificate data CER_SP of the service provider 310, the UCS data 166, the SAM program download containers SDC_1 through SDC_3, and the price tag data 312 are stored.

[0840] Among the functional blocks of the SAM 305_1, only the functional blocks unique to the second embodiment in Fig. 90 are explained below.
[0841] The signature processor 589 verifies the signature data within the secure container 304 by using the public key data K_ESC,P of the EMD service center 302, the public key data K_CP,P of the content provider 301, and the public key data K_SP,P of the service provider 310, all of which are read from the storage unit 192 or the work memory 200.

[0842] When the CPU 1100 receives the internal interrupt S810 from the host CPU 810 in accordance with the user's operation, as shown in Fig. 92, the accounting processor 587 performs accounting processing under the control of the CPU 1100 in accordance with the content purchase and usage modes of the content based on the price tag data 312 read from the work memory 200.

[0843] The price tag data 312, which indicates the sales price of the content data to the user, is output to the exterior of the SAM 305_1 via predetermined output means in determining the purchase mode of the content data by the user.

[0844] The accounting processing by the accounting processor 587 is executed based on the contents of rights, such as the licensing agreement conditions indicated by the UCP data 106, and the UCS data 166, under the monitoring of the usage monitor 186. That is, the user is able to purchase and utilize the content within the allowances of the rights.

[0845] In performing the accounting processing, the accounting processor 587 creates or updates the usage log data 308, and writes it into the external memory 201 via the external memory manager 811.

[0846] The usage log data 308, as well as the usage log data 108 used in the first embodiment, is used for determining the payment of the license fee for the secure container 304 by the EMD service center 302.

[0847] The accounting processor 587 also creates the UCS data 166 indicating the purchase and usage modes of the content determined by the user under the control of the CPU 1100, and writes it into the work memory 200.

[0848] The purchase modes of the content include "sell through", in which no restriction is imposed on playback operation by the purchaser and copying for the use of the purchaser, "pay per play", in which a charge is incurred every time the content is played back, and so on.

[0849] The UCS data 166 is created upon determining the purchase mode by the user, and is used for controlling the use of the content to make sure that the user utilizes the content within the allowances of rights. In the UCS data 166, the content ID, the purchase mode, the sell through price, the SAM_ID of the SAM which has purchased the content, the USER_ID of the user who has purchased the content, and so on are included.

[0850] If the determined purchase mode is "pay per play", "pay per SCMS", or "pay per copy N without copy guard", the SAM 305_1 sends the UCS data 166 to the service provider 310 in real time, and the service provider 310 instructs the EMD service center 302 to obtain the usage log data 308 from the SAM 305_1.

[0851] If the determined purchase mode is "sell through", the UCS data 166 is sent to the service provider 310 and the EMD service center 302 in real time.
[0852] In the SAM 305_1, as illustrated in Fig. 90, the user favorite filter data 900 received from the EMD service center 302 via the EMD service center manager 185 is output to the service provider manager 580. Then, in the service provider manager 580, the secure container 304, which has been received from the decoding module 905 shown in Fig. 89 and filtered based on the user favorite filter data 900, is selected, and the selected secure container 304 is output to the download memory manager 182. This enables the SAM 305_1 to select the content data C according to the user's favorite, based on the purchase of the content data C, obtained from all the service providers 310 which have made a contract with the user.

[0853] The flows of the processes within the SAM 305_1 are as follows.

Processing to be executed when receiving license key data

[0854] The flow of the process within the SAM 305_1 for storing the license key data KD_1 through KD_3 received from the EMD service center 302 in the storage unit 192 is similar to that of the first embodiment discussed with reference to Fig. 35.

Processing to be executed when receiving the secure container 304 from the service provider 310

[0855] The flow of the process within the SAM 305_1 when receiving the secure container 304 from the service provider 310 is described below with reference to Fig. 93.

[0856] In the following example, in the SAM 305_1, various types of signature data are checked when receiving the secure container 304. However, the signature data may be checked when determining the purchase and usage modes rather than when receiving the secure container 304.

[0857] In step S93-0, the CPU 1100 of the SAM 305_1 shown in Fig. 90 receives from the host CPU 810 the internal interrupt S810 indicating an instruction to perform processing for receiving the secure container.

[0858] In step S93-1, the mutual authentication unit 170 of the SAM 305_1 shown in Fig. 90 performs mutual authentication with the service provider 310.

[0859] Then, in step S93-2, the mutual authentication unit 170 of the SAM 305_1 conducts mutual authentication with the medium SAM 167a of the download memory 167.

[0860] In step S93-3, the secure container 304 received from the service provider 310 is written into the download memory 167. Simultaneously, the secure container 304 is encrypted in the mutual authentication unit 170, and is decrypted in the medium SAM 167a by using the session key data obtained in step S93-2.

[0861] In step S93-4, the SAM 305_1 decodes the secure container 304 by using the session key data obtained in step S93-1.

[0862] Subsequently, in step S93-5, the signature processor 589 verifies the signature data SIG_61,ESC shown in Fig. 84D, and then verifies the integrity of the signature data SIG_62,SP, SIG_63,SP, and SIG_64,SP by using the public key data K_SP,P of the service provider 310 stored in the public-key certificate data CER_SP shown in Fig. 84D.

[0863] When verifying the integrity of the signature data SIG_62,SP, the integrity of the sender of the content file CF is verified. When verifying the integrity of the signature data SIG_63,SP, the integrity of the sender of the key file KF is verified. When verifying the integrity of the signature data SIG_64,SP, the integrity of the creator and the sender of the price tag data 312 is verified.
[0864] In step S93-6, the signature processor 589 verifies the signature data SIG_1,ESC shown in Fig. 84D, and then verifies the signature data SIG_6,CP and SIG_7,CP by using the public key data K_CP,P of the content provider 301 stored in the public-key certificate data CER_CP shown in Fig. 84D.

[0865] When verifying the integrity of the signature data SIG_6,CP, the integrity of the creator and the sender of the content file CF is verified. When verifying the integrity of the signature data SIG_7,CP, the sender of the key file KF is verified.

[0866] In step S93-7, the signature processor 589 checks the signature data SIG_K1,ESC within the key file KF shown in Fig. 84B by using the public key data K_ESC,P read from the storage unit 192 so as to verify the integrity of the creator of the key file KF and the official registration of the key file KF in the EMD service center 302.
[0867] Then, in step S93-8, the encryption/decryption unit 172 decrypts the content key data Kc, the UCP data 106, and the SAM program download containers SDC_1 through SDC_3 within the key file KF shown in Fig. 84B by using the license key data KD_1 through KD_3 of corresponding periods read from the storage unit 192, and writes them into the work memory 200.

[0868] In step S93-9, the CPU 1100 determines whether the above-described processing for receiving the secure container has been correctly performed, and reports the corresponding information to the host CPU 810 through an external interrupt.

[0869] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described processing is suitably performed, and the host CPU 810 may read the flag by polling.
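The order of the signature checks in steps S93-5 through S93-7 matters: each certificate is verified against the EMD service center's public key before the key it carries is trusted for the data signatures. The following sketch is an added example, not part of the patent text. It uses textbook RSA over small Mersenne primes purely as a stand-in signature scheme (constructed keys, not secure, and not an algorithm the passage names); the dictionary field names and helper functions are hypothetical, and SIG_K1,ESC is simplified to cover the whole key file.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes (constructed, NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def make_cert(subject, key):
    # Certificate body: subject name and public modulus.
    return f"{subject}:{key['n']}".encode()

def cert_public_key(cert):
    return int(cert.decode().split(":", 1)[1])

ESC = make_key(521, 607)  # EMD service center 302 (certifying authority)
CP = make_key(127, 107)   # content provider 301
SP = make_key(89, 61)     # service provider 310

def build_container(cf, kf, price_tag):
    """Assemble the signed parts of secure container 304 (Figs. 84A-84D)."""
    c = {"CF": cf, "KF": kf, "PT": price_tag,
         "CER_CP": make_cert("CP", CP), "CER_SP": make_cert("SP", SP)}
    c["SIG_1_ESC"] = sign(ESC, c["CER_CP"])
    c["SIG_61_ESC"] = sign(ESC, c["CER_SP"])
    c["SIG_6_CP"] = sign(CP, cf)
    c["SIG_7_CP"] = sign(CP, kf)
    c["SIG_K1_ESC"] = sign(ESC, kf)
    c["SIG_62_SP"] = sign(SP, cf)
    c["SIG_63_SP"] = sign(SP, kf)
    c["SIG_64_SP"] = sign(SP, price_tag)
    return c

def verify_container(c, k_esc_p):
    """Return "ok", or the name of the first signature that fails."""
    # S93-5: certificate of the service provider first, then its signatures.
    if not verify(k_esc_p, c["CER_SP"], c["SIG_61_ESC"]):
        return "SIG_61_ESC"
    k_sp_p = cert_public_key(c["CER_SP"])
    for name, field in (("SIG_62_SP", "CF"), ("SIG_63_SP", "KF"),
                        ("SIG_64_SP", "PT")):
        if not verify(k_sp_p, c[field], c[name]):
            return name
    # S93-6: certificate of the content provider, then its signatures.
    if not verify(k_esc_p, c["CER_CP"], c["SIG_1_ESC"]):
        return "SIG_1_ESC"
    k_cp_p = cert_public_key(c["CER_CP"])
    for name, field in (("SIG_6_CP", "CF"), ("SIG_7_CP", "KF")):
        if not verify(k_cp_p, c[field], c[name]):
            return name
    # S93-7: key file registered with the EMD service center.
    if not verify(k_esc_p, c["KF"], c["SIG_K1_ESC"]):
        return "SIG_K1_ESC"
    return "ok"

# Constructed sample container.
SAMPLE = build_container(b"constructed content file",
                         b"constructed key file", b"price=300")
```

Because SIG_61,ESC is checked before K_SP,P is used, a container carrying a certificate for an unregistered key is rejected even if every data signature was produced consistently with that key.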

Processing for determining the purchase mode of downloaded secure container

[0870] The processing for determining the purchase mode of the downloaded secure container is basically similar to that performed by the SAM 105_1 of the first embodiment described with reference to Fig. 38. According to this processing, the key file KF, shown in Fig. 97C, which is discussed later, is stored in the download memory 167 via the work memory 200 and the download memory manager 182.

Playback processing of content data 

[0871] The playback processing of the content data C, for which the purchase mode is determined, stored in the download memory 167 is basically similar to the processing performed by the SAM 105_1 of the first embodiment described with reference to Fig. 40.

Processing to be executed when the UCS data 166 of one machine is utilized for re-purchasing the content in another machine

[0872] After determining the purchase mode of the content file CF downloaded into the download memory 167 of the network device 360_1, as shown in Fig. 94, a new secure container 304x storing the content file CF is created, and is transferred from the SAM 305_1 to the SAM 305_2 of the A/V machine 360_2 via the bus 191. This processing in the SAM 305_1 is discussed below with reference to Figs. 95 and 96.

[0873] The processing indicated by the flow chart of Fig. 96 is executed, assuming that the key file KF_1 and the hash value H_K1 therefor shown in Fig. 97C are stored in the work memory 200 of the SAM 305_1 according to the above-described purchase processing.

[0874] In step S96-1, according to the user's operation on the operation unit 165 shown in Figs. 88 and 94, the internal interrupt S810 indicating an instruction to transfer the secure container, for which the purchase mode is determined, to the SAM 305_2 is output from the host CPU 810 to the CPU 1100 shown in Fig. 95. The accounting processor 587 updates the usage log data 308 stored in the external memory 201 according to the determined purchase mode under the control of the CPU 1100.

[0875] In step S96-2, the SAM 305_1 checks the SAM registration list discussed in the first embodiment so as to determine whether the SAM 305_2, which receives the secure container, is officially registered. If so, the SAM 305_1 executes processing of step S96-3. The SAM 305_1 also determines whether the SAM 305_2 is a SAM within the user home network 303.

[0876] Then, in step S96-3, the mutual authentication unit 170 shares the session key data K_SES obtained by mutual authentication with the SAM 305_2.
[0877] In step S96-4, the SAM manager 190 reads the content file CF and the signature data SIG_6,CP and SIG_7,CP shown in Fig. 84A from the download memory 211, and causes the signature processor 189 to create the signature data SIG_41,SAM1 using the private key data K_SAM1 of the SAM 305_1.

[0878] In step S96-5, the SAM manager 190 reads the key file KF and the signature data SIG_7,CP and SIG_63,SP shown in Fig. 84B from the download memory 211, and causes the signature processor 589 to create the signature data SIG_42,SAM1 using the private key data K_SAM1 of the SAM 305_1.

[0879] Thereafter, in step S96-6, the SAM manager 190 creates the secure container 304x shown in Figs. 97A through 97E.

[0880] In step S96-7, the encryption/decryption unit 171 encrypts the secure container 304x shown in Figs. 97A through 97E by using the session key data K_SES obtained in step S96-3.

[0881] Then, in step S96-8, the SAM manager 190 outputs the secure container 304x to the SAM 305_2 of the A/V machine 360_2 shown in Fig. 94. In this case, not only mutual authentication between the SAMs 305_1 and 305_2, but also mutual authentication of the bus 191, which is an IEEE-1394 serial bus, is performed.

[0882] In step S96-9, the CPU 1100 determines whether the above-described processing for transferring the secure container 304x has been correctly performed, and reports the corresponding information to the host CPU 810 through an external interrupt.

[0883] Alternatively, the CPU 1100 may set a flag in the SAM status register indicating whether the above-described processing has been precisely performed, and the host CPU 810 may read the flag by polling.
[0884] A description is now given, with reference to 
Figs. 98, 99, and 100, of the flow of the process within 
the SAM 3052 when writing the secure container 304x 
shown in Figs. 97A through 97E input from the SAM 
3051 into the recording medium (RAM) 1304, as shown
in Fig. 94. 

[0885] Figs. 99 and 100 are a flow chart illustrating 
the above-described processing. The recording medium
(RAM) 1304 includes, as shown in Fig. 14, the unsecured
RAM area 134, the medium SAM 133, and the
secure RAM area 132. 

[0886] In step S99-0, the CPU 1100 of the SAM 3052
shown in Fig. 98 receives from the host CPU 810 the
internal interrupt S810 indicating an instruction to record
the received secure container, for which the purchase
mode is determined, on a recording medium.
[0887] Then, in step S99-1, the SAM 3052 checks the
SAM registration list to determine whether the SAM
3051, which has sent the secure container, is officially
registered. If so, the SAM 3052 executes step S99-2.
The SAM 3052 also determines whether the SAM 3051
is a SAM within the user home network 303.
[0888] In step S99-2, as the processing corresponding
to step S96-3, the SAM 3052 shares the session key
data KSES obtained by performing mutual authentication
with the SAM 3051.

[0889] Then, in step S99-3, the SAM manager 190 of
the SAM 3052 receives, as shown in Fig. 94, the secure
container 304x from the SAM 3051 of the network device
3601.

[0890] In step S99-4, the encryption/decryption unit
171 decrypts the secure container 304x received via the
SAM manager 190 by using the session key data KSES
shared in step S99-2.

[0891] Subsequently, in step S99-5, the content file
CF within the decrypted secure container 304x undergoes
processing, such as sectorizing, adding a sector
header, scrambling, ECC encoding, modulating, and
synchronizing, by the medium drive SAM 260 shown in
Fig. 94, and is then recorded on the RAM area 134 of
the recording medium (RAM) 1304.



[0892] In step S99-6, the signature data SIG6,CP,
SIG62,SP, and SIG41,SAM1 within the secure container
304x decrypted with the session key data KSES, the key
file KF and the signature data SIG7,CP, SIG63,SP, and
SIG42,SAM1, the key file KF, and the hash value HK1, the
public key signature data CERSP and signature data
SIG61,ESC, the public key signature data CERCP and signature
data SIG1,ESC, and the public key signature data
CERSAM1 and signature data SIG22,ESC are written into
the work memory 200.

[0893] In step S99-7, in the signature processor 589,
the signature data SIG61,ESC, SIG1,ESC, and SIG22,ESC
read from the work memory 200 is checked by using the
public key data KESC,P read from the storage unit 192
so as to verify the integrity of the public-key certificate
data CERSP, CERCP, and CERSAM1.
[0894] Then, in the signature processor 589, the integrity
of the signature data SIG6,CP is verified by using
the public key data KCP,P stored in the public-key certificate
data CERCP so as to verify the integrity of the creator
of the content file CF. Also in the signature processor
589, the integrity of the signature data SIG62,SP is
verified by using the public key data KSP,P stored in the
public-key certificate data CERSP so as to verify the integrity
of the sender of the content file CF. The signature
processor 589 verifies the integrity of the signature data
SIG41,SAM1 using the public key data KSAM1,P stored
in the public-key certificate data CERSAM1 so as to verify
the integrity of the sender of the content file CF.
[0895] In step S99-8, in the signature processor 589,
the integrity of the signature data SIG7,CP, SIG63,SP, and
SIG42,SAM1 stored in the work memory 200 is verified by
using the public key data KCP,P, KSP,P, and KSAM1,P
stored in the public-key certificate data CERCP, CERSP,
and CERSAM1, respectively.

[0896] Then, in step S99-9, in the signal processor
589, the integrity of the signature data SIGK1,ESC stored
in the key file KF shown in Fig. 97B is verified by using
the public key data KESC,P read from the storage unit
192 so as to verify the integrity of the creator of the key
file KF.

[0897] In step S99-10, the signature processor 589
checks the integrity of the hash value HK1 so as to verify
the integrity of the creator and the sender of the key file
KF1.

[0898] In this embodiment, the creator and the sender
of the key file KF1 are the same. However, if they are
different, signature data for the creator and signature
data for the sender are created, and the integrity of both
signature data is verified in the signal processor 589.
[0899] In step S99-11, the usage monitor 186 starts
to control the purchase and usage modes of the content
data C by using the UCS data 166 stored in the key file
KF, decrypted in step S99-10.
[0900] Then, in step S99-12, the user determines the
purchase mode by operating the operation unit 165, and
the corresponding operation signal S165 is output to the
accounting processor 587.
[0901] In step S99-13, the accounting processor 587
updates the usage log data 308 stored in the external
memory 201 based on the operation signal S165. The
accounting processor 587 also updates the UCS data
166 according to the determined purchase mode every
time the purchase mode of the content data C is determined.

[0902] Subsequently, in step S99-14, the encryption/
decryption unit 173 encrypts the UCS data 166 generated
in step S99-12 by sequentially using the storage
key data KSTR, the medium key data KMED, and the purchaser
key data KPIN read from the storage unit 192, and
outputs the encrypted UCS data 166 to the medium
drive SAM manager 855.

[0903] In step S99-15, the medium drive SAM manager
855 performs processing, such as sectorizing, adding
a sector header, scrambling, ECC encoding, modulating,
and synchronizing, on the key file KF, in which
the new UCS data 166 is stored, and records it on the
secure RAM area 132 of the recording medium (RAM)
1304.

[0904] Thereafter, in step S99-16, the key file KF is
read from the work memory 200, and is written into the
secure RAM area 132 of the recording medium (RAM)
1304 by the medium drive SAM 260 shown in Fig. 94 via
the medium drive SAM manager 855.
[0905] In step S99-17, the CPU 1100 determines
whether the above-described processing has been correctly
performed, and reports the corresponding information
to the host CPU 810 through an external interrupt.

[0906] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 
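
The order of checks in steps S99-7 and S99-8 (certificates first, against the locally stored ESC public key, then file signatures with the certified keys only) is shown in the following added example, which is not code from the patent. Toy textbook RSA over Mersenne primes stands in for the signature processor and is not secure; the container layout, the function names, and the assumption that each signature covers the raw file bytes are illustrative.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return 0 <= sig < n and pow(sig, E, n) == _digest(data, n)


def cert_body(subject, n):
    return subject.encode() + b"|" + n.to_bytes((n.bit_length() + 7) // 8, "big")


def issue_cert(esc_key, subject, n):
    """ESC-signed binding of a subject name to its public modulus."""
    return {"subject": subject, "n": n, "sig": sign(esc_key, cert_body(subject, n))}


# Which party's key checks which signature, as listed in steps S99-7 and S99-8.
SIGNATURES = [
    ("CF", "SIG6,CP", "CP"), ("CF", "SIG62,SP", "SP"), ("CF", "SIG41,SAM1", "SAM1"),
    ("KF", "SIG7,CP", "CP"), ("KF", "SIG63,SP", "SP"), ("KF", "SIG42,SAM1", "SAM1"),
]


def build_container(cf, kf, keys, certs):
    """Constructed stand-in for container 304x: two files, six signatures, three certs.
    Assumption: each signature covers the raw bytes of its file."""
    files = {"CF": cf, "KF": kf}
    sigs = {name: sign(keys[who], files[f]) for f, name, who in SIGNATURES}
    return {"CF": cf, "KF": kf, "sigs": sigs, "certs": dict(certs)}


def verify_container(container, esc_n):
    """Return the list of failed checks; an empty list means the container is accepted."""
    failures, trusted = [], {}
    # Step S99-7: a certificate must verify under the locally stored ESC key
    # before the public key inside it is used for anything.
    for who in ("CP", "SP", "SAM1"):
        cert = container["certs"].get(who)
        ok = (cert is not None and cert["subject"] == who
              and verify(esc_n, cert_body(who, cert["n"]), cert["sig"]))
        if ok:
            trusted[who] = cert["n"]
        else:
            failures.append("CER_" + who)
    # Steps S99-7/S99-8: check each file signature with a certified key only.
    for f, name, who in SIGNATURES:
        if who not in trusted:
            failures.append(name + " (no trusted key)")
        elif not verify(trusted[who], container[f], container["sigs"].get(name, -1)):
            failures.append(name)
    return failures


def demo():
    esc = make_key(1279, 2203)
    keys = {"CP": make_key(61, 127), "SP": make_key(89, 107), "SAM1": make_key(521, 607)}
    certs = {who: issue_cert(esc, who, k["n"]) for who, k in keys.items()}
    good = build_container(b"content file (constructed)", b"key file (constructed)", keys, certs)

    # Content file changed after signing.
    tampered = dict(good, CF=b"content file (modified in transit)")

    # A certificate naming "SP" that the ESC never issued, with matching signatures.
    other = make_key(107, 127)
    forged = build_container(good["CF"], good["KF"], dict(keys, SP=other),
                             dict(certs, SP=issue_cert(other, "SP", other["n"])))

    return {name: verify_container(c, esc["n"])
            for name, c in (("good", good), ("tampered", tampered), ("forged", forged))}


if __name__ == "__main__":
    for name, failures in demo().items():
        print(name, "->", failures or "accepted")
```

The third case fails at the certificate, so the signatures that depend on it are reported as having no trusted key rather than being evaluated with an unverified one.
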
[0907] The processing for determining the purchase
mode of the content data by a recording medium (ROM),
and the processing for writing the content data into a
recording medium (RAM) after the purchase mode of
the content data is determined by a recording medium
(ROM) are similar to those performed by the SAM 3051
of the first embodiment, except that the signature data
SIGsp attached by using the private key data Ksp.p by 
the service provider 310 is checked. 
[0908] A method for implementing the SAM 3051 is
similar to that of the SAM 1051 of the first embodiment.
[0909] The configuration of the user home network
103 discussed in the first embodiment is applicable to
the devices employed in the user home network 303. In
this case, the configurations of the first embodiment discussed
with reference to Figs. 64 through 79 are applicable
to the circuit modules of the SAM 3051, the A/V
compression/decompression SAM 163, the medium
drive SAM 260, and the medium SAM 133.
[0910] Similarly, the security functions described with
reference to Fig. 62 are applicable to those of the EMD
system 300, except that the content provider 101 is replaced
by the service provider 310.




[0911] The connection models of the various devices
in the user home network 303 are as follows.
[0912] Fig. 101 illustrates an example of the connection
models of the devices in the user home network
303.

[0913] As shown in Fig. 101, the network device 3601
and the A/V machines 3602 and 3603 in the user home
network 303 are connected to each other via the IEEE-
1394 serial bus 191.
[0914] The network device 3601 includes the external
memory 201, the SAM 3051, the CA module 311, the A/V
compression/decompression SAM 163, and the
download memory 167.

[0915] The CA module 311 communicates with the
service provider 310 via a network, such as a public line.
The SAM 3051 communicates with the EMD service
center 302 via a network, such as a public line. As the
download memory 167, a Memory Stick provided with
the medium SAM 167a or a hard disk drive (HDD) may
be used. The download memory 167 stores the secure
container 304 downloaded from the service provider
310.

[0916] Each device integrates a plurality of A/V compression/
decompression SAMs 163 compatible with
various compression/decompression methods, such as
ATRAC3 and MPEG.

[0917] The SAM 3051 is able to communicate with the
contact-type or non-contact-type IC card 1141. The IC
card 1141 stores various types of data, such as a user
ID, and is used for performing user authentication in the
SAM 3051.

[0918] The A/V machine 3602 is, for example, a storage
device, and after performing predetermined
processing between the SAMs 3051 and 3052, the secure
container received from the network device 3601
via the IEEE-1394 serial bus 191 is recorded on the recording
medium 130.

[0919] Likewise, the A/V machine 3603 is, for example,
a storage device, and after performing predetermined
processing between the SAMs 3052 and 3053,
the secure container received from the A/V machine
3602 via the IEEE-1394 serial bus 191 is recorded on
the recording medium 130.

[0920] In the example shown in Fig. 101, the medium
SAM 133 is loaded on the recording medium 130. However,
if the medium SAM 133 is not provided for the recording
medium 130, mutual authentication between
the SAMs 3052 and 3053 is performed by using the medium
drive SAM 260 indicated by a one-dot chain rectangle
in Fig. 101.

[0921] The overall operation of the EMD system 300 
shown in Fig. 82 is described below with reference to 
Figs. 102 and 103. 

[0922] In this case, the secure container 304 is sent
online from the service provider 310 to the user home
network 303 by way of example. The processing shown
in Figs. 102 and 103 is executed, assuming that the registration
of the content provider 301, the service provider
310, and the SAMs 3051 through 3054 in the EMD service
center 302 is completed.

[0923] Referring to Fig. 102, in step S21, the EMD
service center 302 sends to the content provider 301 the
public key certificate CERCP of the public key data KCP,P
of the content provider 301 together with the signature
data SIG1,ESC of the EMD service center 302.
[0924] The EMD service center 302 also sends to the
service provider 310 the public key certificate CERSP of
the public key data KSP,P of the service provider 310 together
with the signature data SIG61,ESC of the EMD
service center 302.

[0925] The EMD service center 302 also sends the
license key data KD1 through KD3 for three months,
each having a one-month effective period, to the SAMs
3051 through 3054 of the user home network 303.
[0926] In step S22, after performing mutual authentication,
the content provider 301 authorizes the UCP data
106 and the content key data Kc by registering them
in the EMD service center 302. The EMD service center
302 creates the key file KF for six months shown in Fig.
3B, and sends it to the content provider 301.
[0927] Then, in step S23, the content provider 301
creates the content file CF and the signature data
SIG6,CP shown in Fig. 3A, and the key file KF and the
signature data SIG7,CP shown in Fig. 3B, and provides
the secure container 104 in which the above-described
files and signature data, and the public-key certificate
data CERCP and the signature data SIG1,ESC are stored
to the service provider 310 online and/or offline.
[0928] In step S24, after checking the signature data
SIG1,ESC shown in Fig. 3C, the service provider 310 verifies
the integrity of the signature data SIG6,CP and
SIG7,CP shown in Figs. 3A and 3B, respectively, by using
the public key data KCP,P stored in the public-key certificate
data CERCP, thereby verifying that the secure container
104 has been sent from the legal content provider
301.

[0929] Subsequently, in step S25, the service provider
310 creates the price tag data 312 and the signature
data SIG64,SP so as to generate the secure container
304 shown in Fig. 87 in which the above-described data
is stored.

[0930] In step S26, the service provider 310 authorizes
the price tag data 312 by registering it in the EMD
service center 302.

[0931] In step S27, the service provider 310 sends the
secure container 304 created in step S25 to the decoding
module 905 of the network device 3601 shown in Fig.
89 online or offline in response to, for example, a request
from the CA module 311 of the user home network 303.
[0932] Then, in step S28, the CA module 311 creates 
the SP purchase log data 309 and appropriately sends 
it to the service provider 310. 

[0933] Referring to Fig. 103, in step S29, after verifying
the integrity of the signature data SIG61,ESC shown
in Fig. 84D, one of the SAMs 3051 through 3054 verifies
the integrity of the signature data SIG62,SP, SIG63,SP,
and SIG64,SP shown in Figs. 84A, 84B, and 84C, respectively,
by using the public key data KSP,P stored in the
public-key certificate data CERSP, thereby determining
whether the predetermined data within the secure container
304 has been created and sent by the legal service
provider 310.

[0934] Thereafter, in step S30, after verifying the integrity
of the signature data SIG1,ESC shown in Fig. 84D,
one of the SAMs 3051 through 3054 verifies the integrity
of the signature data SIG6,CP and SIG7,CP shown in
Figs. 84A and 84B, respectively, by using the public key
data KCP,P stored in the public-key certificate data CERCP,
thereby determining whether the content file CF within
the secure container 304 has been created by the legal
content provider 301, and whether the key file KF
has been sent from the legal content provider 301.
[0935] Additionally, one of the SAMs 3051 through
3054 verifies the integrity of the signature data
SIGK1,ESC within the key file KF shown in Fig. 84B by
using the public key data KESC,P, thereby determining
whether the key file KF has been created by the legal
EMD service center 302.

[0936] In step S31, the user determines the purchase
and usage modes of the content by operating the operation
unit 165 shown in Fig. 88.

[0937] In step S32, in the SAMs 3051 through 3054,
the usage log data 308 of the secure container 304 is
generated based on the internal interrupt S810 output
from the host CPU 810 to the SAMs 3051 through 3054
in step S31.

[0938] The usage log data 308 and the signature data
SIG205,SAM1 are sent from the SAMs 3051 through 3054
to the EMD service center 302. The UCS data 166 is
also sent from the SAMs 3051 through 3054 to the EMD
service center 302 in real time every time the purchase
mode is determined.

[0939] In step S33, the EMD service center 302 de- 
termines (calculates) the accounting content for each of 
the content provider 301 and the service provider 310 
based on the usage log data 308, and creates the set- 
tlement request data 152c and 152s based on the ac- 
counting content. 

[0940] Subsequently, in step S34, the EMD service
center 302 sends the settlement request data 152c and
152s together with signature data of the EMD service
center 302 to the settlement organization 91 via the payment
gateway 90. Accordingly, the payment made by
the user of the user home network 303 is distributed to
the content provider 301, the content rights holders, the
service provider 310, and the service-provider rights
holders.

[0941] As described above, in the EMD system 300,
the secure container 104 shown in Figs. 3A through 3C
is distributed from the content provider 301 to the service
provider 310, and the secure container 304 in which
the content file CF and the key file KF of the secure container
104 are stored is sent from the service provider
310 to the user home network 303. The processing for
the key file KF is executed in the SAMs 3051 through
3054.

[0942] The content key data Kc and the UCP data 106
stored in the key file KF are encrypted with the license
key data KD1 through KD3, and are decrypted only in the
SAMs 3051 through 3054 which hold the license key data
KD1 through KD3. The SAMs 3051 through 3054 are
tamper-resistant modules, which determine the purchase
and usage modes of the content data C based on
the handling policy of the content data C described in
the UCP data 106.

[0943] Consequently, according to the EMD system
300, the content data C in the user home network 303
can be reliably purchased and utilized based on the
UCP data 106 created by the content provider 301 or a
content-provider related organization, independent of
the processing in the service provider 310. That is, in
the EMD system 300, the UCP data 106 cannot be managed
by the service provider 310.
[0944] Thus, in the EMD system 300, even when the
content data C is distributed to the user home network
303 via a plurality of different service providers 310,
rights processing for the content data C in the SAM of
the user home network 303 can be performed based on
the common UCP data 106 created by the content provider
301 or the content-provider related organization.
[0945] In the EMD system 300, the files and data within
the secure containers 104 and 304 are provided with
signature data, which verifies the creators and the senders
of the files and data. It is thus possible for the service
provider 310 and the SAMs 3051 through 3054 to check
the integrity of the files and data, and the integrity of the
creators and the senders thereof, thereby effectively
preventing the illegal use of the content data C.
[0946] In the EMD system 300, the secure container
304 is used for distributing the content data C from the
service provider 310 to the user home network 303 regardless
of whether it is sent online or offline. This enables
the SAMs 1051 through 1054 of the user home
network 303 to perform the same rights processing regardless
of whether the secure container 304 is sent online
or offline.

[0947] In purchasing, utilizing, recording, and transferring
the content data C in the network device 3601
and the A/V machines 3602 through 3604 within the user
home network 303, processing is always executed
based on the UCP data 106. Thus, rights processing
rules in common to the whole user home network 303
can be established.

[0948] For example, as shown in Fig. 104, the content
data C provided from the content provider 301 may be
distributed from the service provider 310 to the user
home network 303 by any method (path), such as package
distribution, a digital broadcast, the Internet, a dedicated
line, a digital radio, or a mobile communication.
Even if any one of the above-described methods is
used, the common rights processing rules can be employed
in SAMs in the user home networks 303 and
303a based on the UCP data 106 created by the content
provider 301.

[0949] According to the EMD system 300, the EMD
service center 302 has an authentication function, a key-data
management function, and a rights processing
(profits distribution) function. Thus, the payment made
by the user is reliably distributed to the content provider
301 and the EMD service center 302 according to predetermined
ratios.

[0950] Also, the UCP data 106 of the same content
file CF supplied from the same content provider 301 is
supplied to the SAMs 3051 through 3054, independent
of the services of the service provider 310. Accordingly,
the content file CF can be utilized in the SAMs 3051
through 3054 based on the UCP data 106 at the discretion
of the content provider 301.

[0951] That is, according to the EMD system 300, in
providing services of the content or utilizing the content
by the user, the rights and profits of the content provider
301 can be reliably protected according to technical
means without depending on an auditor organization
725, which is conventionally required.
[0952] The distribution protocols for, for example, the
secure container, employed in the EMD system 300 of
the second embodiment are as follows.

[0953] The secure container 104 created in the content
provider 301 is distributed to the service provider
310, as shown in Fig. 105, by using content-provider distribution
protocols, such as the Internet (TCP/IP) or a
dedicated line (ATM Cell).

[0954] The service provider 310 then distributes the
secure container 104 created from the secure container
104 to the user home network 303 by using service-provider
distribution protocols, such as a digital broadcast
(XML/SMIL on MPEG-TS), the Internet (XML/SMIL on
TCP/IP), or package distribution (recording medium).
[0955] Within the user home network 303 or 303a, or
between the user home networks 303 and 303a, or between
the SAMs, the secure container is transferred by
using a home electric commerce (EC)/distribution services
(XML/SMIL on a 1394-serial bus interface) or a recording
medium.

[0956] While the present invention has been described
with reference to what are presently considered
to be the preferred embodiments, it is to be understood
that the invention is not limited to the disclosed embodiments.

[0957] For example, although in the foregoing embodiments
the key file KF is created in the EMD service center
102 or 302, it may be created in the content provider
101 or 301.

[0958] As is seen from the foregoing description, the
data processing apparatus of the present invention offers
the following advantages. Rights processing for the
content data can be performed based on UCP data indicating
the handling of the content data in a secure environment.
As a result, if the UCP data is created by a
content provider, profits of the content data can be suitably
protected, and also, a load for monitoring by the
content provider can be reduced.
[0959] In so far as the embodiments of the invention
described above are implemented, at least in part, using
software-controlled data processing apparatus, it will be
appreciated that a computer program providing such
software control and a storage medium by which such
a computer program is stored are envisaged as aspects
of the present invention.



Claims 

1. A data processing apparatus for performing rights 
processing of content data encrypted with content 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
tamper-resistant circuit module: 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
ing of the content data based on the usage con- 
trol policy data; 

a storage circuit connected to said first bus; 
a second bus; 

a first interface circuit interposed between said
first bus and said second bus;
an encryption processing circuit connected to
said second bus, for decrypting the content key
data; and

an external bus interface circuit connected to
said second bus.

2. A data processing apparatus according to claim 1,
further comprising a second interface circuit within
said tamper-resistant circuit module, wherein said
first bus comprises a third bus connected to said
arithmetic processing circuit and said storage circuit,
and a fourth bus connected to said first interface
circuit, and said second interface circuit is interposed
between said third bus and said fourth
bus.

3. A data processing apparatus according to claim 2,
further comprising within said tamper-resistant circuit
module:

a fifth bus;

a third interface circuit connected to said fifth
bus, for performing communication with a data
processing circuit having an authentication
function which is loaded on one of a recording
medium and an integrated circuit card; and
a fourth interface circuit interposed between
said fourth bus and said fifth bus.



4. A data processing apparatus according to claim 1,
wherein said encryption processing circuit comprises
a public-key encryption circuit and a common-
key encryption circuit.

5. A data processing apparatus according to claim 4,
wherein:

said storage circuit stores private key data of
said data processing apparatus and public key
data of a second data processing apparatus;

said public-key encryption circuit verifies the integrity
of signature data, which verifies the integrity
of the content data, the content key data,
and the usage control policy data, by using the
corresponding public key data, and when recording
the content data, the content key data,
and the usage control policy data on a recording
medium or when sending them to said second
data processing apparatus, said public-key
encryption circuit creates signature data, which
verifies the integrity of the content data, the
content key data, and the usage control policy
data, by using the private key data; and

said common-key encryption circuit decrypts
the content key data, and when sending the
content data, the content key data, and the usage
control policy data to said second data
processing apparatus online, said common-
key encryption circuit encrypts and decrypts the
content data, the content key data, and the usage
control policy data by using session key data
obtained by performing mutual authentication
with said second data processing apparatus.

6. A data processing apparatus according to claim 5,
further comprising a hash-value generating circuit
within said tamper-resistant circuit module, for generating
hash values of the content data, the content
key data and the usage control policy data, wherein
said public-key encryption circuit verifies the integrity
of the signature data and creates the signature
data by using the hash values.

7. A data processing apparatus according to claim 1,
further comprising a random-number generating
circuit within said tamper-resistant circuit module,
said random-number generating circuit being connected
to said second bus, for generating a random
number for performing mutual authentication with
said second data processing apparatus when sending
the content data, the content key data, and the
usage control policy data to said second data
processing apparatus online.

8. A data processing apparatus according to claim 1,
wherein said external bus interface circuit is connected
to an external storage circuit for storing at
least one of the content data, the content key data,
and the usage control policy data.

9. A data processing apparatus according to claim 8, 
further comprising a storage-circuit control circuit 
for controlling access to said storage circuit and ac- 
cess to said external storage circuit via said external 
bus interface circuit in accordance with a command 
from said arithmetic processing circuit. 

10. A data processing apparatus according to claim 1,
wherein said external bus interface circuit is connected
to a host arithmetic processing apparatus for
centrally controlling a system on which said data
processing apparatus is loaded.

11. A data processing apparatus according to claim 8, 
further comprising a storage management circuit for 
managing an address space of said storage circuit 
and an address space of said external storage cir- 
cuit. 

12. A data processing apparatus according to claim 1, 
wherein said arithmetic processing circuit deter- 
mines at least one of a purchase mode and a usage 
mode of the content data based on a handling policy 
indicated by the usage control policy data, and creates
log data indicating a result of the determined
mode.

13. A data processing apparatus according to claim 12, 
wherein, after determining the purchase mode, said 
arithmetic processing circuit creates usage control 
status data in accordance with the determined pur- 
chase mode, and controls the use of the content da- 
ta based on the usage control status data. 

14. A data processing apparatus according to claim 4, 
wherein, in recording the content data, for which the 
purchase mode is determined, on a recording medium,
said common-key encryption circuit encrypts
the content key data and the usage control status 
data by using medium key data corresponding to 
said recording medium. 

15. A data processing apparatus according to claim 4, 
wherein, when the content key data is encrypted 
with license key data having an effective period, 
said storage circuit stores the license key data, said 
data processing apparatus further comprises a real 
time clock for generating real time, said arithmetic 
processing circuit reads the effective license key
data from said storage circuit based on the real time 
indicated by said real time clock, and said common- 
key encryption circuit decrypts the content key data 
by using the read license key data. 




16. A data processing apparatus according to claim 1,
wherein said storage circuit writes and erases data
in units of blocks, and said data processing apparatus
comprises within said tamper-resistant circuit
module, a write-lock control circuit for controlling the
writing and erasing of the data into and from said
storage circuit in units of blocks under the control of
said arithmetic processing circuit.

17. A data processing apparatus for performing rights
processing of content data encrypted with content
key data based on usage control policy data, and
for decrypting the encrypted content key data, said
data processing apparatus comprising within a
tamper-resistant circuit module:

a first bus;

an arithmetic processing circuit connected to
said first bus, for performing the rights processing
of the content data based on the usage control
policy data;

a storage circuit connected to said first bus;
a second bus;

an interface circuit interposed between said
first bus and said second bus;

an encryption processing circuit connected to
said second bus, for decrypting the content key
data; and

an external bus interface circuit connected to
said second bus,

wherein, upon receiving an interrupt from an
external circuit via said external bus interface
circuit, said arithmetic processing circuit becomes
a slave for said external circuit so as to
perform processing designated by the interrupt,
and reports a result of the processing to said
external circuit.

18. A data processing apparatus according to claim 1 7, 
40 wherein said arithmetic processing circuit reports 

the result of the processing by outputting an inter- 
rupt to said external circuit. 

19. A data processing apparatus according to claim 17,
wherein said external bus interface comprises a
common memory for said arithmetic processing cir-
cuit and said external circuit, and said arithmetic
processing circuit writes the result of the processing
into said common memory, and said external circuit
obtains the result of the processing by polling.

20. A data processing apparatus according to claim 19,
wherein said external bus interface comprises:

a first status register indicating an execution
status of the processing requested from said
external circuit in said arithmetic processing cir-
cuit, and including a flag set by said arithmetic
processing circuit and read by said external cir-
cuit;

a second status register indicating whether said
external circuit has requested said arithmetic
processing circuit to perform processing, and
including a flag set by said external circuit and
read by said arithmetic processing circuit; and

said common memory for storing a result of the
processing.

21. A data processing apparatus according to claim 18,
wherein said storage circuit stores an interrupt pro-
gram describing the processing designated by the
interrupt, and said arithmetic processing circuit per-
forms the processing by executing the interrupt pro-
gram read from said storage circuit.

22. A data processing apparatus according to claim 21,
wherein said storage circuit stores a plurality of said
interrupt programs, and a plurality of sub-routines
to be read when executing the interrupt program,
and said arithmetic processing circuit appropriately
reads and executes the sub-routines from said stor-
age circuit when executing the interrupt program
read from said storage circuit.

23. A data processing system comprising:

an arithmetic processing apparatus, for execut-
ing a predetermined program and for outputting
an interrupt according to a predetermined con-
dition by serving as a master; and

a data processing apparatus, for performing
predetermined processing in response to the
interrupt from said arithmetic processing appa-
ratus by serving as a slave for said arithmetic
processing apparatus, and for reporting a result
of the processing to said arithmetic processing
apparatus, said data processing apparatus
comprising within a tamper-resistant circuit
module:

determining means for determining at least one
of a purchase mode and a usage mode of con-
tent data based on a handling policy indicated
by usage control policy data;

log data generating means for generating log
data indicating a result of the determined mode;
and

decrypting means for decrypting the content
key data.

24. A data processing system according to claim 23,
wherein, upon receiving the interrupt indicating an
interrupt type, said arithmetic processing apparatus
outputs to said data processing apparatus an inter-
rupt indicating an instruction to execute an interrupt
routine corresponding to the interrupt type, and said
data processing apparatus executes the interrupt
routine corresponding to the interrupt type of the in-
terrupt received from said arithmetic processing ap-
paratus.

25. A data processing system according to claim 23, 
wherein said data processing apparatus reports a 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

26. A data processing system according to claim 23, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 
paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 



27. A data processing system according to claim 26,
wherein said data processing apparatus comprises
a first status register indicating an execution status
of the processing requested from said arithmetic
processing apparatus, and including a flag read by
said arithmetic processing apparatus;

a second status register indicating whether said
arithmetic processing apparatus has requested
said data processing apparatus to perform
processing by the interrupt, and including a flag
set by said arithmetic processing apparatus;
and

said common memory for storing a result of the
processing.

28. A data processing system according to claim 23, 
further comprising a bus for connecting said arith- 
metic processing apparatus and said data process- 
ing apparatus. 

29. A data processing system according to claim 24, 
wherein said data processing apparatus enters a 
low power state after completing the execution of 
one of an initial program and the interrupt routine. 

30. A data processing system according to claim 24, 
wherein, based on the interrupt received from said
arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

31. A data processing system according to claim 23, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

32. A data processing system in which content data
provided by a data providing apparatus is received
from a data distribution apparatus, and is managed
by a management apparatus, said data processing
system comprising:

a first processing module for receiving from
said data distribution apparatus a module in
which content data encrypted with content key
data, the encrypted content key data, usage
control policy data indicating a handling policy
of the content data, and price data for the con-
tent data determined by said data distribution
apparatus are stored, and for decrypting the re-
ceived module by using common key data, and
for performing accounting processing for a dis-
tribution service of the module by said data dis-
tribution apparatus;

an arithmetic processing apparatus for execut-
ing a predetermined program and for outputting
an interrupt according to a predetermined con-
dition by serving as a master; and

a data processing apparatus for performing
predetermined processing in response to the
interrupt from said arithmetic processing appa-
ratus by serving as a slave for said arithmetic
processing apparatus, and for reporting a result
of the processing to said arithmetic processing
apparatus, said data processing apparatus
comprising within a tamper-resistant circuit
module:

determining means for determining at least
one of a purchase mode and a usage mode
of the content data based on the handling
policy indicated by the usage control policy
data stored in the received module;

log data generating means for generating
log data indicating a result of the deter-
mined mode;

output means for outputting the price data
and the log data to said management ap-
paratus when the purchase mode of the
content data is determined; and

decrypting means for decrypting the con-
tent key data.

33. A data processing system comprising:

an arithmetic processing apparatus for execut-
ing a predetermined program and for outputting
an interrupt according to a predetermined con-
dition by serving as a master;

a first tamper-resistant data processing appa-
ratus for performing rights processing of con-
tent data encrypted with content key data in re-
sponse to the interrupt from said arithmetic
processing apparatus by serving as a slave for
said arithmetic processing apparatus, and for
reporting a result of the processing to said arith-
metic processing apparatus; and

a second tamper-resistant data processing ap-
paratus for decrypting the content data by using
the content key data obtained by performing
mutual authentication with said first tamper-re-
sistant data processing apparatus and for com-
pressing or decompressing the content data in
response to the interrupt from said arithmetic
processing apparatus or said first tamper-re-
sistant data processing apparatus by serving
as a slave for said arithmetic processing appa-
ratus or said first tamper-resistant data
processing apparatus.

34. A data processing system according to claim 33,
further comprising a bus for connecting said arith-
metic processing apparatus, said first tamper-re-
sistant data processing apparatus, and said second
tamper-resistant data processing apparatus.

35. A data processing system comprising:

an arithmetic processing apparatus for execut-
ing a predetermined program and for outputting
an interrupt according to a predetermined con-
dition by serving as a master;

a first tamper-resistant data processing appa-
ratus for performing rights processing of con-
tent data encrypted with content key data in re-
sponse to the interrupt from said arithmetic
processing apparatus by serving as a slave for
said arithmetic processing apparatus, and for
reporting a result of the processing to said arith-
metic processing apparatus; and

a second tamper-resistant data processing ap-
paratus for performing mutual authentication
with said arithmetic processing apparatus and
for reading and writing the content data from
and into a recording medium in response to the
interrupt output from said arithmetic processing
apparatus.

36. A data processing system according to claim 35,
wherein said second tamper-resistant processing
apparatus decrypts and encrypts the content data
by using medium key data corresponding to said re-
cording medium.

37. A data processing system according to claim 35,
wherein, when said recording medium is provided
with a processing circuit having a mutual authenti-
cation function, said second tamper-resistant
processing apparatus performs mutual authentica-
tion with said processing circuit.

38. A data processing system comprising:

an arithmetic processing apparatus for execut-
ing a predetermined program and for outputting
an interrupt according to a predetermined con-
dition by serving as a master;

a first tamper-resistant data processing appa-
ratus for performing mutual authentication with
said arithmetic processing apparatus and for
reading and writing content data from and into
a recording medium in response to the interrupt
from said arithmetic processing apparatus; and

a second tamper-resistant data processing ap-
paratus for decrypting the content data by using
content key data and for compressing or de-
compressing the content data in response to
the interrupt from said arithmetic processing
apparatus by serving as a slave for said arith-
metic processing apparatus.

39. A data processing system according to claim 38, 
further comprising a storage circuit for temporarily 
storing the content data read from said recording 
medium by said first tamper-resistant data process- 
ing apparatus, and for outputting the stored content 
data to said second tamper-resistant data process- 
ing apparatus. 

40. A data processing system according to claim 39, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 

41. A data processing system according to claim 38,
further comprising a third tamper-resistant data 
processing apparatus for performing rights 
processing of the content data encrypted with the 
content key data in response to the interrupt from 
said arithmetic processing apparatus by serving as 
a slave for said arithmetic processing apparatus, 
and for reporting a result of the processing to said 
arithmetic processing apparatus. 

42. A data processing method using an arithmetic
processing apparatus and a data processing appa-
ratus, said data processing method comprising the
steps of:

executing, in said arithmetic processing appa-
ratus, a predetermined program and outputting
an interrupt according to a predetermined con-
dition by serving as a master; and

determining, in said data processing appara-
tus, at least one of a purchase mode and a us-
age mode of content data based on a handling
policy of usage control policy data, creating log
data indicating a result of the determined mode,
and decrypting content key data, within a
tamper-resistant circuit module in response to
the interrupt, from said arithmetic processing
apparatus by serving as a slave for said arith-
metic processing apparatus.

43. A data processing method according to claim 42,
wherein, upon receiving the interrupt indicating an
interrupt type, said arithmetic processing apparatus
outputs to said data processing apparatus an inter-
rupt indicating an instruction to execute an interrupt
routine corresponding to the interrupt type, and said
data processing apparatus executes the interrupt
routine corresponding to the processing designated
by the interrupt received from said arithmetic
processing apparatus.

44. A data processing method according to claim 42,
wherein said data processing apparatus reports the
result of the processing by outputting an interrupt to
said arithmetic processing apparatus.

45. A data processing method according to claim 42,
wherein said data processing apparatus comprises
a common memory which is accessible by said data
processing apparatus and said arithmetic process-
ing apparatus, and said arithmetic processing ap-
paratus obtains the result of the processing by ac-
cessing said common memory through polling.

46. A data processing method according to claim 45,
wherein:

said data processing apparatus sets a flag in a
first status register indicating an execution sta-
tus of the processing requested by the interrupt
from said arithmetic processing apparatus;

said arithmetic processing apparatus reads the
execution status of the processing of said data
processing apparatus from the flag in said first
status register;

said arithmetic processing apparatus sets a
flag in a second status register indicating
whether said arithmetic processing apparatus
has requested said data processing apparatus
to perform the processing through the interrupt;
and

said data processing apparatus determines
whether said arithmetic processing apparatus
has requested said data processing apparatus
to perform the processing from the flag in said
second status register.

47. A data processing method according to claim 42,
wherein said data processing apparatus enters a
low power state upon completion of the execution
of one of an initial program and the interrupt routine.

48. A data processing method according to claim 42, 
wherein, based on the interrupt received from said 
arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine
in accordance with at least one of processing for
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

49. A data processing method according to claim 42, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

50. A data processing method using an arithmetic
processing apparatus, a first data processing appa-
ratus, and a second data processing apparatus,
said data processing method comprising the steps
of:

executing, in said arithmetic processing appa-
ratus, a predetermined program and outputting
an interrupt according to a predetermined con-
dition by serving as a master;

performing, in said first data processing appa-
ratus, rights processing of content data en-
crypted with content key data within a tamper-
resistant module in response to the interrupt
from said arithmetic processing apparatus by
serving as a slave for said arithmetic process-
ing apparatus, and reporting a result of the
processing to said arithmetic processing appa-
ratus; and

decrypting, in said second data processing ap-
paratus, the content data by using the content
key data obtained by performing mutual au-
thentication with said first data processing ap-
paratus and compressing or decompressing
the content data within a tamper-resistant mod-
ule in response to the interrupt from said arith-
metic processing apparatus or said first data
processing apparatus by serving as a slave for
said arithmetic processing apparatus or said
first data processing apparatus.

51. A data processing method using an arithmetic
processing apparatus, a first data processing appa-
ratus, and a second data processing apparatus,
said data processing method comprising the steps
of:

executing, in said arithmetic processing appa-
ratus, a predetermined program and outputting
an interrupt according to a predetermined con-
dition by serving as a master;

performing, in said first data processing appa-
ratus, rights processing of content data en-
crypted with content key data within a tamper-
resistant module in response to the interrupt
from said arithmetic processing apparatus by
serving as a slave for said arithmetic process-
ing apparatus, and reporting a result of the
processing to said arithmetic processing appa-
ratus; and

performing, in said second data processing ap-
paratus, mutual authentication with said arith-
metic processing apparatus, and reading and
writing the content data from and into a record-
ing medium within a tamper-resistant module
in response to the interrupt from said arithmetic
processing apparatus.

52. A data processing method according to claim 51,
wherein said second data processing apparatus de-
crypts and encrypts the content data by using me-
dium key data corresponding to said recording me-
dium.

53. A data processing method according to claim 51,
wherein, when said recording medium is provided
with a processing circuit having a mutual authenti-
cation function, said second data processing appa-
ratus performs mutual authentication with said
processing circuit.

54. A data processing method using an arithmetic
processing apparatus, a first data processing appa-
ratus, and a second data processing apparatus,
said data processing method comprising the steps
of:

executing, in said arithmetic processing appa-
ratus, a predetermined program and outputting
an interrupt according to a predetermined con-
dition by serving as a master;

performing, in said first data processing appa-
ratus, mutual authentication with said arithme-
tic processing apparatus, and reading and writ-
ing content data from and into a recording me-
dium within a tamper-resistant module in re-
sponse to the interrupt from said arithmetic
processing apparatus; and

decrypting, in said second data processing ap-
paratus, the content data by using content key
data and compressing or decompressing the
content data within a tamper-resistant module
in response to the interrupt from said arithmetic
processing apparatus by serving as a slave for
said arithmetic processing apparatus.

55. A data processing method according to claim 54,
wherein the content data read from said recording
medium by said first data processing apparatus is
temporarily stored in a storage circuit, and the con-
tent data read from said storage circuit is output to
said second data processing apparatus.

56. A data processing method according to claim 55, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 
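
Claims 19-20, 27 and 45-46 describe a handshake in which the host (master) raises a request, the tamper-resistant module (slave) runs the routine for the interrupt type, and the host polls a status register and reads the result from common memory. The following C simulation is an added illustration, not code from the patent; the register encoding, interrupt type values, result bytes and function names are assumptions, and both sides run in one thread.

```c
#include <stdint.h>
#include <string.h>

enum { ST_IDLE, ST_BUSY, ST_DONE, ST_ERROR };        /* assumed first-register values */
enum { IRQ_DETERMINE_MODE = 1, IRQ_REPRODUCE = 2 };  /* constructed interrupt types */

typedef struct {
    volatile uint8_t exec_status; /* first status register: written by the SAM only */
    volatile uint8_t request;     /* second status register: written by the host only */
    volatile uint8_t irq_type;    /* interrupt type, written by the host */
    uint8_t result[8];            /* common memory holding the result */
    uint8_t result_len;
} mailbox_t;

/* Host (master): raise a request; refused while an exchange is in flight. */
int host_request(mailbox_t *mb, uint8_t irq_type) {
    if (mb->request || mb->exec_status != ST_IDLE) return -1;
    mb->irq_type = irq_type;
    mb->request = 1;
    return 0;
}

/* SAM (slave): one pass of its service loop. Returns 1 if a request was handled. */
int sam_service(mailbox_t *mb) {
    if (!mb->request) {                  /* host has collected, or nothing is pending */
        if (mb->exec_status != ST_IDLE) {
            memset(mb->result, 0, sizeof mb->result);  /* leave no stale result behind */
            mb->result_len = 0;
            mb->exec_status = ST_IDLE;
        }
        return 0;
    }
    if (mb->exec_status != ST_IDLE) return 0;  /* a result is waiting for the host */
    mb->exec_status = ST_BUSY;
    uint8_t type = mb->irq_type;         /* read once: the host can rewrite shared memory */
    switch (type) {                      /* dispatch to the routine for this type */
    case IRQ_DETERMINE_MODE: mb->result[0] = 0xA1; break;  /* placeholder result */
    case IRQ_REPRODUCE:      mb->result[0] = 0xB2; break;  /* placeholder result */
    default: mb->exec_status = ST_ERROR; return 1;         /* unknown type rejected */
    }
    mb->result_len = 1;
    mb->exec_status = ST_DONE;           /* status flag is set last, after the result */
    return 1;
}

/* Host: poll the first register. Returns bytes copied, -1 not ready, -2 error. */
int host_poll(mailbox_t *mb, uint8_t *out, size_t cap) {
    uint8_t st = mb->exec_status;
    if (st == ST_ERROR) { mb->request = 0; return -2; }
    if (st != ST_DONE) return -1;
    size_t n = mb->result_len < cap ? mb->result_len : cap;
    if (n > sizeof mb->result) n = sizeof mb->result;  /* never trust a shared length */
    memcpy(out, mb->result, n);
    mb->request = 0;                     /* release the mailbox */
    return (int)n;
}
```

Each register has a single writer, so neither side can overwrite the other's flag, and the module returns to idle only after the host has released its request.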